Microweber
Products by Microweber Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2024 there have been 0 vulnerabilities in Microweber . Last year Microweber had 19 security vulnerabilities published. Right now, Microweber is on track to have less security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 19 | 6.13 |
2022 | 67 | 6.21 |
2021 | 2 | 6.65 |
2020 | 5 | 7.28 |
2019 | 1 | 6.10 |
2018 | 2 | 7.45 |
It may take a day or so for new Microweber vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microweber Security Vulnerabilities
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-6832
4.3 - Medium
- December 15, 2023
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.
Business Logic Errors
An issue in microweber v.2.0.1 and fixed in v.2.0.4
CVE-2023-48122
7.5 - High
- December 08, 2023
An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method.
Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-6599
4.3 - Medium
- December 08, 2023
Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0.
Improper Handling of Exceptional Conditions
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-6566
6.5 - Medium
- December 07, 2023
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.
File Upload vulnerability in Microweber v.2.0.4
CVE-2023-49052
8.8 - High
- November 30, 2023
File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component.
Unrestricted File Upload
Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS)
CVE-2023-47379
5.4 - Medium
- November 08, 2023
Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload functionality.
XSS
Improper Access Control in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-5976
4.3 - Medium
- November 07, 2023
Improper Access Control in GitHub repository microweber/microweber prior to 2.0.
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-5861
4.8 - Medium
- October 31, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.
XSS
Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-5318
7.5 - High
- September 30, 2023
Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0.
Use of Hard-coded Credentials
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-5244
6.1 - Medium
- September 28, 2023
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0.
XSS
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-3142
5.4 - Medium
- June 07, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.
XSS
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to 1.3.4.
CVE-2023-2239
6.5 - Medium
- April 22, 2023
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to 1.3.4.
Privacy violation
Improper Privilege Management in GitHub repository microweber/microweber prior to 1.3.4.
CVE-2023-2240
8.8 - High
- April 22, 2023
Improper Privilege Management in GitHub repository microweber/microweber prior to 1.3.4.
Improper Privilege Management
Cross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to 1.3.3.
CVE-2023-2014
4.8 - Medium
- April 13, 2023
Cross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to 1.3.3.
XSS
Command Injection in GitHub repository microweber/microweber prior to 1.3.3.
CVE-2023-1877
9.8 - Critical
- April 05, 2023
Command Injection in GitHub repository microweber/microweber prior to 1.3.3.
Command Injection
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.
CVE-2023-1881
5.4 - Medium
- April 05, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.
XSS
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.
CVE-2023-1081
4.8 - Medium
- February 28, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.
XSS
Microweber is a drag and drop website builder and content management system
CVE-2021-32856
6.1 - Medium
- February 21, 2023
Microweber is a drag and drop website builder and content management system. Versions 1.2.12 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. A fix was attempted in versions 1.2.9 and 1.2.12, but it is incomplete.
XSS
Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to 1.3.2.
CVE-2023-0608
5.4 - Medium
- February 01, 2023
Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to 1.3.2.
XSS