Total
105 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13405 | 1 Microweber | 1 Microweber | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request. | |||||
| CVE-2020-13241 | 1 Microweber | 1 Microweber | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User screen) corresponds to an image file. | |||||
| CVE-2018-19917 | 1 Microweber | 1 Microweber | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Microweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilities. | |||||
| CVE-2018-17104 | 1 Microweber | 1 Microweber | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via api/save_user. | |||||
| CVE-2018-1000826 | 1 Microweber | 1 Microweber | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Microweber version <= 1.0.7 contains a Cross Site Scripting (XSS) vulnerability in Admin login form template that can result in Execution of JavaScript code. | |||||