Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Microweber Subscribe
Total 106 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-41380 1 Microweber 1 Microweber 2025-07-10 N/A 6.1 MEDIUM
microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\tags\add_tagging_tagged.php.
CVE-2024-41381 1 Microweber 1 Microweber 2025-07-10 N/A 6.1 MEDIUM
microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\settings\admin.php.
CVE-2025-2214 1 Microweber 1 Microweber 2025-07-09 4.0 MEDIUM 3.5 LOW
A vulnerability was found in Microweber 2.0.19. It has been rated as problematic. This issue affects some unknown processing of the file userfiles/modules/settings/group/website_group/index.php of the component Settings Handler. The manipulation of the argument group leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-33297 1 Microweber 1 Microweber 2025-07-03 N/A 4.7 MEDIUM
Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the campaign Name (Internal Name) field in the Add new campaign function
CVE-2024-33298 1 Microweber 1 Microweber 2025-07-03 N/A 6.1 MEDIUM
Microweber Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the create new backup function in the endpoint /admin/module/view?type=admin__backup
CVE-2024-33299 1 Microweber 1 Microweber 2025-07-03 N/A 4.7 MEDIUM
Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the First Name and Last Name parameters in the endpoint /admin/module/view?type=users
CVE-2022-33012 1 Microweber 1 Microweber 2025-04-29 N/A 8.8 HIGH
Microweber v1.2.15 was discovered to allow attackers to perform an account takeover via a host header injection attack.
CVE-2022-0698 1 Microweber 1 Microweber 2025-04-25 N/A 6.1 MEDIUM
Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter.
CVE-2014-9464 1 Microweber 1 Microweber 2025-04-12 7.5 HIGH N/A
SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable.
CVE-2013-5984 1 Microweber 1 Microweber 2025-04-12 6.4 MEDIUM N/A
Directory traversal vulnerability in userfiles/modules/admin/backup/delete.php in Microweber before 0.830 allows remote attackers to delete arbitrary files via a .. (dot dot) in the file parameter.
CVE-2024-40101 1 Microweber 1 Microweber 2025-03-25 N/A 6.1 MEDIUM
A Reflected Cross-site scripting (XSS) vulnerability exists in '/search' in microweber 2.0.15 and earlier allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the 'keywords' parameter.
CVE-2023-6832 1 Microweber 1 Microweber 2024-11-21 N/A 4.3 MEDIUM
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-6599 1 Microweber 1 Microweber 2024-11-21 N/A 4.3 MEDIUM
Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-6566 1 Microweber 1 Microweber 2024-11-21 N/A 6.5 MEDIUM
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-5976 1 Microweber 1 Microweber 2024-11-21 N/A 4.3 MEDIUM
Improper Access Control in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-5861 1 Microweber 1 Microweber 2024-11-21 N/A 4.8 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-5318 1 Microweber 1 Microweber 2024-11-21 N/A 7.5 HIGH
Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-5244 1 Microweber 1 Microweber 2024-11-21 N/A 6.1 MEDIUM
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-49052 1 Microweber 1 Microweber 2024-11-21 N/A 8.8 HIGH
File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component.
CVE-2023-48122 1 Microweber 1 Microweber 2024-11-21 N/A 7.5 HIGH
An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method.