Filtered by vendor Microweber
Subscriptions
Filtered by product Microweber
Subscriptions
Total
106 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-23136 | 1 Microweber | 1 Microweber | 2024-11-21 | 5.5 Medium |
| Microweber v1.1.18 is affected by no session expiry after log-out. | ||||
| CVE-2020-13405 | 1 Microweber | 1 Microweber | 2024-11-21 | 7.5 High |
| userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request. | ||||
| CVE-2020-13241 | 1 Microweber | 1 Microweber | 2024-11-21 | 7.8 High |
| Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User screen) corresponds to an image file. | ||||
| CVE-2018-19917 | 1 Microweber | 1 Microweber | 2024-11-21 | N/A |
| Microweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilities. | ||||
| CVE-2018-17104 | 1 Microweber | 1 Microweber | 2024-11-21 | N/A |
| An issue was discovered in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via api/save_user. | ||||
| CVE-2018-1000826 | 1 Microweber | 1 Microweber | 2024-11-21 | N/A |
| Microweber version <= 1.0.7 contains a Cross Site Scripting (XSS) vulnerability in Admin login form template that can result in Execution of JavaScript code. | ||||