microweber/microweber Security Advisories for 1.3.0.x-dev (24)
- [MEDIUM] Business Logic Errors in microweber/microweber
PKSA-y5qg-3krh-f9b5 CVE-2023-6832 GHSA-qjfx-fvx7-3wvw
Affected version: <2.0.0
Reported by: GitHub
- [LOW] Microweber missing standardized error handling mechanism
PKSA-3c1q-3392-wkmp CVE-2023-6599 GHSA-9r6p-hg4g-5gxp
Affected version: <2.0.0
Reported by: GitHub
- [MEDIUM] Microweber file upload vulnerability
PKSA-xs75-x9v8-bkhn CVE-2023-49052 GHSA-2c7x-w3mx-h7p6
Affected version: <=2.0.4
Reported by: GitHub
- [MEDIUM] Microweber Improper Access Control vulnerability
PKSA-74rd-c6sw-mfrp CVE-2023-5976 GHSA-q57g-38pc-jwv8
Affected version: <2.0.0
Reported by: GitHub
- [MEDIUM] Microweber Cross-site Scripting vulnerability
PKSA-n7r8-zpqq-jfjd CVE-2023-47379 GHSA-jmwm-w2rm-prv9
Affected version: <2.0.3
Reported by: GitHub
- [MEDIUM] Cross-site Scripting (XSS) in microweber/microweber
PKSA-md65-d7tx-bbhf CVE-2023-5861 GHSA-7q5f-29gx-57ff
Affected version: <2.0.0
Reported by: GitHub
- [MEDIUM] Microweber uses hard coded credentials
PKSA-m9c6-mgh7-jfgc CVE-2023-5318 GHSA-r657-3wqh-g2x9
Affected version: <=1.3.4
Reported by: GitHub
- [MEDIUM] Microweber Cross-site Scripting vulnerability
PKSA-z3vy-k1wh-bn3g CVE-2023-5244 GHSA-rgf9-j7gv-rq22
Affected version: <=1.3.4
Reported by: GitHub
- [MEDIUM] Microweber Business Logic Errors
PKSA-xhwv-tsn6-jm7k CVE-2023-6566 GHSA-3rpx-pgmf-j96h
Affected version: <2.0.0
Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] Microweber Cross-site Scripting vulnerability
PKSA-zb2q-hcnk-cg6k CVE-2023-3142 GHSA-fqcv-rfp6-wv92
Affected version: <=1.3.4
Reported by: GitHub
- [MEDIUM] Information exposure in microweber
PKSA-279x-12x2-x9t1 CVE-2023-2239 GHSA-h83h-77x2-6w6g
Affected version: <1.3.4
Reported by: GitHub
- [HIGH] Improper Privilege Management in microweber
PKSA-885q-z461-7kxw CVE-2023-2240 GHSA-r6xq-xcxc-fghx
Affected version: <1.3.4
Reported by: GitHub
- [MEDIUM] Microweber vulnerable to cross-site scripting (XSS)
PKSA-p47h-qx4x-x2bz CVE-2023-2014 GHSA-f4g6-c47x-qhww
Affected version: <1.3.3
Reported by: GitHub
- [HIGH] Microweber vulnerable to stored cross-site scripting (XSS) via X-Forwarded-For header
PKSA-9pmn-8hgp-hp7r CVE-2023-1881 GHSA-hhjm-mpmf-cxg9
Affected version: <1.3.3
Reported by: GitHub
- [MEDIUM] Microweber vulnerable to command injection
PKSA-qrb8-d4vh-dh64 CVE-2023-1877 GHSA-582p-2fpg-x226
Affected version: <1.3.3
Reported by: GitHub
- [MEDIUM] Microweber Cross-site Scripting vulnerability
PKSA-gn5q-m2z9-rj2j CVE-2023-1081 GHSA-c2rc-8m9f-g4fh
Affected version: <=1.3.2
Reported by: GitHub
- [MEDIUM] Microweber contains Cross-site Scripting
PKSA-8gr4-k329-d9km CVE-2023-0608 GHSA-pj97-r83v-vj7f
Affected version: <1.3.2
Reported by: GitHub
- [HIGH] Microweber vulnerable to unrestricted malicious uploads
PKSA-zq9c-bxrf-3bjp CVE-2022-4732 GHSA-8h43-xg5g-9cj7
Affected version: <=1.3.1
Reported by: GitHub
- [MEDIUM] Microweber vulnerable to Stored Cross-Site Scripting
PKSA-7z67-5rd5-wkmv CVE-2022-4647 GHSA-9cmm-52cv-6hvc
Affected version: <=1.3.1
Reported by: GitHub
- [MEDIUM] Microweber vulnerable to Reflected Cross-site Scripting
PKSA-sbz2-jh9w-gqpr CVE-2022-4617 GHSA-3mmh-vq9w-4c3g
Affected version: <=1.3.1
Reported by: GitHub
- [MEDIUM] Microweber vulnerable to cross-site scripting (XSS)
PKSA-wx16-s43y-xhw1 CVE-2022-0698 GHSA-79gx-3fm8-qxqq
Affected version: <=1.3.1
Reported by: GitHub
- [MEDIUM] Microweber Cross-site Scripting can result in redirection to a malicious site
PKSA-y76s-yhmf-6hyk CVE-2022-3242 GHSA-232p-59mg-f98p
Affected version: <=1.3.1
Reported by: GitHub
- [MEDIUM] Microweber vulnerable to HTML Injection in create tag functionality
PKSA-yckb-m7cf-td3k CVE-2022-3245 GHSA-gm8c-w9cm-c445
Affected version: <=1.3.1
Reported by: GitHub
- [MEDIUM] Microweber's title parameter in the body of POST request vulnerable to stored XSS
PKSA-52ck-8x1z-ypnr CVE-2022-2777 GHSA-cf6r-q678-f2p7
Affected version: <1.3.1
Reported by: GitHub