Filtered by vendor Microweber
Subscriptions
Total
109 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-51502 | 1 Microweber | 1 Cms | 2025-08-12 | 6.1 Medium |
| Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users. | ||||
| CVE-2025-51504 | 1 Microweber | 1 Cms | 2025-08-12 | 7.6 High |
| Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS)in the /projects/profile, homepage endpoint via the last name field. | ||||
| CVE-2025-51503 | 1 Microweber | 2 Cms, Microweber | 2025-08-06 | 7.6 High |
| A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers. | ||||
| CVE-2024-41380 | 1 Microweber | 1 Microweber | 2025-07-10 | 6.1 Medium |
| microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\tags\add_tagging_tagged.php. | ||||
| CVE-2024-41381 | 1 Microweber | 1 Microweber | 2025-07-10 | 6.1 Medium |
| microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\settings\admin.php. | ||||
| CVE-2025-2214 | 1 Microweber | 1 Microweber | 2025-07-09 | 3.5 Low |
| A vulnerability was found in Microweber 2.0.19. It has been rated as problematic. This issue affects some unknown processing of the file userfiles/modules/settings/group/website_group/index.php of the component Settings Handler. The manipulation of the argument group leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-33297 | 1 Microweber | 1 Microweber | 2025-07-03 | 4.7 Medium |
| Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the campaign Name (Internal Name) field in the Add new campaign function | ||||
| CVE-2024-33298 | 1 Microweber | 1 Microweber | 2025-07-03 | 6.1 Medium |
| Microweber Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the create new backup function in the endpoint /admin/module/view?type=admin__backup | ||||
| CVE-2024-33299 | 1 Microweber | 1 Microweber | 2025-07-03 | 4.7 Medium |
| Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the First Name and Last Name parameters in the endpoint /admin/module/view?type=users | ||||
| CVE-2022-3242 | 1 Microweber | 1 Microweber | 2025-05-29 | 6.1 Medium |
| Code Injection in GitHub repository microweber/microweber prior to 1.3.2. | ||||
| CVE-2022-3245 | 1 Microweber | 1 Microweber | 2025-05-27 | 6.1 Medium |
| HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input. | ||||
| CVE-2022-33012 | 1 Microweber | 1 Microweber | 2025-04-29 | 8.8 High |
| Microweber v1.2.15 was discovered to allow attackers to perform an account takeover via a host header injection attack. | ||||
| CVE-2022-0698 | 1 Microweber | 1 Microweber | 2025-04-25 | 6.1 Medium |
| Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter. | ||||
| CVE-2022-4617 | 1 Microweber | 1 Microweber | 2025-04-14 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2. | ||||
| CVE-2013-5984 | 1 Microweber | 1 Microweber | 2025-04-12 | N/A |
| Directory traversal vulnerability in userfiles/modules/admin/backup/delete.php in Microweber before 0.830 allows remote attackers to delete arbitrary files via a .. (dot dot) in the file parameter. | ||||
| CVE-2014-9464 | 1 Microweber | 1 Microweber | 2025-04-12 | N/A |
| SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable. | ||||
| CVE-2022-4732 | 1 Microweber | 1 Microweber | 2025-04-10 | 7.2 High |
| Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2. | ||||
| CVE-2022-4647 | 1 Microweber | 1 Microweber | 2025-04-09 | 6.1 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.2. | ||||
| CVE-2023-0608 | 1 Microweber | 1 Microweber | 2025-03-26 | 5.4 Medium |
| Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to 1.3.2. | ||||
| CVE-2024-40101 | 1 Microweber | 1 Microweber | 2025-03-25 | 7.2 High |
| A Reflected Cross-site scripting (XSS) vulnerability exists in '/search' in microweber 2.0.15 and earlier allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the 'keywords' parameter. | ||||