pkg:Packagist/microweber/microweber

All known vulnerabilities

• HIGH8.8CVE-2023-49052Microweber file upload vulnerability
  from 0, <= 2.0.4
• HIGH8.8CVE-2023-2240Improper Privilege Management in microweber
  from 0, < 1.3.4
• HIGH8.8CVE-2022-33012Account Takeover Through Password Reset Poisoning
  from 0, <= 1.2.15
• HIGH8.8Incorrect Authorization in microweber
  from 0, < 1.2.15
• HIGH8.8Improper Neutralization of Special Elements Used in a Template Engine in microweber
  from 0, < 1.3
• HIGH8.8Insertion of Sensitive Information Into Debugging Code in Microweber
  from 0, < 1.3
• HIGH8.8Cross-site Scripting in microweber
  from 0, < 1.2.11
• HIGH7.8Microweber allows Unrestricted File Upload
  from 0, <= 1.1.18
• HIGH7.8OS Command Injection in Microweber
  from 0, < 1.2.11
• HIGH7.7Static Code Injection in Microweber
  from 0, < 1.3
• HIGH7.6Cross-site Scripting in Microweber
  from 0, < 1.3
• HIGH7.6CRLF Injection in microweber
  from 0, < 1.2.11
• HIGH7.5Microweber allows a remote attacker to obtain sensitive information via the HTTP GET method
  >= 2.0.1, < 2.0.4
• HIGH7.5Microweber Discloses Sensitive Information
  from 0, < 1.1.20
• HIGH7.5Integer Overflow or Wraparound in Microweber
  from 0, < 1.2.12
• HIGH7.5Integer Overflow or Wraparound in Microweber
  from 0, < 1.2.12
• HIGH7.5Rate limit missing in microweber
  from 0, < 1.3
• HIGH7.5Generation of Error Message Containing Sensitive Information in microweber
  from 0, < 1.2.11
• HIGH7.5Exposure of Sensitive Information to an Unauthorized Actor in microweber
  from 0, < 1.2.11
• HIGH7.5Code Injection in microweber
  from 0, < 1.2.11
• HIGH7.4Microweber vulnerable to stored cross-site scripting (XSS) via X-Forwarded-For header
  from 0, < 1.3.3
• HIGH7.2Microweber vulnerable to unrestricted malicious uploads
  from 0, < 1.3.2
• HIGH7.2Integer Overflow in microweber
  from 0, <= 1.2.11
• HIGH7.2Zip slip in Microweber
  from 0, < 1.2.3
• HIGH7.1Denial of service in microweber
  from 0, <= 1.2.11
• MEDIUM6.8Stored Cross-site Scripting in Microweber
  from 0, < 1.2.12
• MEDIUM6.8Cross-site Scripting in microweber
  from 0, < 1.2.12
• MEDIUM6.8Cross-site Scripting in microweber
  from 0, < 1.2.12
• MEDIUM6.7Unrestricted Upload of File with Dangerous Type in Microweber
  from 0, < 1.2.12
• MEDIUM6.6Microweber's title parameter in the body of POST request vulnerable to stored XSS
  from 0, < 1.3.1
• MEDIUM6.5Information exposure in microweber
  from 0, < 1.3.4
• MEDIUM6.5Microweber before 1.2.21 allows attacker to bypass IP detection to brute-force password
  from 0, < 1.2.21
• MEDIUM6.5Cross-site Scripting in microweber
  from 0, < 1.2.11
• MEDIUM6.5Cross-Site Request Forgery in microweber
  from 0, <= 1.2.10
• MEDIUM6.5Generation of Error Message Containing Sensitive Information in microweber
  from 0, <= 1.2.10
• MEDIUM6.5Microweber Incorrect Permission Assignment for Critical Resource vulnerability
  from 0, < 1.2.11
• MEDIUM6.3Microweber before v1.2.20 vulnerable to cross-site scripting
  from 0, < 1.2.20
• MEDIUM6.3Cross-site Scripting in Microweber
  from 0, < 1.2.16
• MEDIUM6.3Cross-site Scripting in microweber
  from 0, < 1.2.15
• MEDIUM6.3Cross-site Scripting in Microweber
  from 0, < 1.2.15
• MEDIUM6.1Microweber has a Cross-site Scripting vulnerability
  from 0, < 2.0.20
• MEDIUM6.1Microweber Cross-site Scripting vulnerability
  from 0, < 2.0.20
• MEDIUM6.1Microweber has Reflected XSS Vulnerability in the layout Parameter
  >= 2.0.0, <= 2.0.19
• MEDIUM6.1Microweber has Reflected XSS Vulnerability in the id Parameter
  >= 2.0.0, <= 2.0.19
• MEDIUM6.1Microweber Reflected Cross-site scripting (XSS) vulnerability
  from 0, < 2.0.16
• MEDIUM6.1Microweber Cross Site Scripting (XSS) vulnerability
  from 0, <= 2.0.16
• MEDIUM6.1Microweber Cross Site Scripting (XSS) vulnerability
  from 0, <= 2.0.16
• MEDIUM6.1Microweber Cross-site Scripting vulnerability
  from 0, <= 1.3.4
• MEDIUM6.1Microweber vulnerable to command injection
  from 0, < 1.3.3
• MEDIUM6.1Microweber Cross-site Scripting vulnerability
  from 0, <= 1.2.12
• MEDIUM6.1Microweber vulnerable to Stored Cross-Site Scripting
  from 0, <= 1.3.1
• MEDIUM6.1Microweber vulnerable to Reflected Cross-site Scripting
  from 0, <= 1.3.1
• MEDIUM6.1Microweber vulnerable to cross-site scripting (XSS)
  from 0, <= 1.3.1
• MEDIUM6.1Microweber Cross-site Scripting can result in redirection to a malicious site
  from 0, < 1.3.2
• MEDIUM6.1Microweber vulnerable to HTML Injection in create tag functionality
  from 0, < 1.3.2
• MEDIUM6.1Microweber before 1.2.21 vulnerable to reflected XSS
  from 0, < 1.2.21
• MEDIUM6.1Open Redirect in microweber
  from 0, < 1.2.19
• MEDIUM6.1Cross-site Scripting in Microweber
  from 0, < 1.2.18
• MEDIUM6.1Cross-site Scripting in Microweber
  from 0, <= 1.2.17
• MEDIUM6.1Microweber XSS Vulnerability
  from 0, < 1.1
• MEDIUM6.1Microweber XSS Vulnerability
  from 0, <= 1.0.8
• MEDIUM6.1Microweber vulnerable to cross-site scripting (XSS)
  from 0, <= 1.2.15
• MEDIUM6.1Open redirect in microweber
  from 0, < 1.2.11
• MEDIUM6.1Open redirect in microweber
  from 0, < 1.2.11
• MEDIUM6.0Business Logic Errors in microweber/microweber
  from 0, < 2.0.0
• MEDIUM5.9Microweber Business Logic Errors
  from 0, < 2.0.0
• MEDIUM5.8Microweber uses hard coded credentials
  from 0, <= 1.3.4
• MEDIUM5.5Microweber Insufficient Session Expiry
• MEDIUM5.4Microweber Cross-site Scripting vulnerability
  from 0, < 2.0.3
• MEDIUM5.4Microweber Cross-site Scripting vulnerability
  from 0, <= 1.3.4
• MEDIUM5.4Microweber contains Cross-site Scripting
  from 0, < 1.3.2
• MEDIUM5.4Cross-site Scripting in microweber
  from 0, < 1.2.19
• MEDIUM5.4Cross-site Scripting in microweber
  from 0, < 1.2.19
• MEDIUM5.4Unrestricted XML files leading to cross-site scripting in Microweber
  from 0, < 1.2.12
• MEDIUM5.4Cross-site Scripting in microweber
  from 0, < 1.2.11
• MEDIUM5.4Cross-site Scripting in microweber
  from 0, < 1.2.11
• MEDIUM5.4Cross-site Scripting in microweber
  from 0, <= 1.2.10
• MEDIUM5.4Cross-site Scripting in microweber
  from 0, < 1.2.11
• MEDIUM5.4Cross-site Scripting in microweber
  from 0, < 1.2.11
• MEDIUM5.4Cross-site Scripting in microweber
  from 0, < 1.2.11
• MEDIUM5.3Business Logic Errors in microweber
  from 0, < 1.2.11
• MEDIUM4.8Cross-site Scripting (XSS) in microweber/microweber
  from 0, < 2.0.0
• MEDIUM4.8Microweber vulnerable to cross-site scripting (XSS)
  from 0, < 1.3.3
• MEDIUM4.8Microweber Cross-site Scripting vulnerability
  from 0, <= 1.3.2
• MEDIUM4.8Microweber Stored Cross-site Scripting before v1.2.20
  from 0, < 1.2.20
• MEDIUM4.8Cross-site Scripting in microweber
  from 0, < 1.2.12
• MEDIUM4.8Cross-site Scripting in microweber
  from 0, < 1.2.12
• MEDIUM4.8Unrestricted Upload of File with Dangerous Type in microweber
  from 0, < 1.2.12
• MEDIUM4.8Unrestricted file upload leads to stored cross-site scripting in Microweber
  from 0, < 1.2.12
• MEDIUM4.8Cross-site Scripting in microweber
  from 0, < 1.3
• MEDIUM4.3Microweber Improper Access Control vulnerability
  from 0, < 2.0.0
• MEDIUM4.3Exposure of Resource to Wrong Sphere in microweber
  from 0, < 1.3.0
• MEDIUM4.3Cross-Site Request Forgery microweber
  from 0, < 1.2.11
• MEDIUM4.3Microweber vulnerable to Improper Validation of Specified Quantity in Input
  from 0, < 1.2.11
• LOW3.5Microweber vulnerable to XSS attack due to insure `group` component in its Settings handler
  from 0, <= 2.0.19
• LOW3.1Microweber missing standardized error handling mechanism
  from 0, < 2.0.0
• LOW2.7Business Logic Errors in microweber
  from 0, < 1.2.11
• —Microweber XSS Vulnerability in the homepage Endpoint
  >= 2.0.0, <= 2.0.19
• —Microweber Has Stored XSS Vulnerability in User Profile Fields
  >= 2.0.0, <= 2.0.19
• —Microweber CMS API has authenticated local file inclusion vulnerability
  from 0, < 1.2.11