Peter Ivanov

41 exploits, active since May 2014
CVE-2013-5984
Microweber < 0.8 - Path Traversal
Directory traversal vulnerability in userfiles/modules/admin/backup/delete.php in Microweber before 0.830 allows remote attackers to delete arbitrary files via a .. (dot dot) in the file parameter.
CVE-2018-17104 HIGH
Microweber 1.0.7 - CSRF
An issue was discovered in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via api/save_user.
CVSS 8.8
CVE-2021-32856 MEDIUM
Microweber <1.2.12 - XSS
Microweber is a drag and drop website builder and content management system. Versions 1.2.12 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. A fix was attempted in versions 1.2.9 and 1.2.12, but it is incomplete.
CVSS 6.1
CVE-2022-0597 MEDIUM
Packagist microweber/microweber <1.2.11 - Open Redirect
Open Redirect in Packagist microweber/microweber prior to 1.2.11.
CVSS 6.1
CVE-2022-0688 MEDIUM
Packagist microweber/microweber <1.2.11 - Info Disclosure
Business Logic Errors in Packagist microweber/microweber prior to 1.2.11.
CVSS 4.9
CVE-2022-0689 MEDIUM
Packagist microweber/microweber <1.2.11 - Info Disclosure
Multiple use of a one-time coupon in Packagist microweber/microweber prior to 1.2.11.
CVSS 5.3
CVE-2022-0690 MEDIUM
Packagist microweber/microweber <1.2.11 - XSS
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.
CVSS 6.1
CVE-2022-0723 MEDIUM
microweber/microweber <1.2.11 - XSS
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.11.
CVSS 5.4
CVE-2022-0855 MEDIUM
microweber-dev/whmcs_plugin <0.0.4 - Path Traversal
Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcs_plugin prior to 0.0.4.
CVSS 6.1
CVE-2022-0906 MEDIUM
Microweber < 1.1.2 - XSS
Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12.
CVSS 4.8
CVE-2022-2174 MEDIUM
microweber/microweber <1.2.18 - XSS
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18.
CVSS 6.1
CVE-2022-2252 MEDIUM
Microweber < 1.2.19 - Open Redirect
Open Redirect in GitHub repository microweber/microweber prior to 1.2.19.
CVSS 6.1
CVE-2022-2280 MEDIUM
Microweber < 1.2.19 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.
CVSS 5.4
CVE-2022-2300 MEDIUM
microweber/microweber <1.2.19 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.
CVSS 5.4
CVE-2022-2353 MEDIUM
microweber <1.2.20 - CSRF
Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user.
CVSS 6.1
CVE-2022-2368 MEDIUM
microweber <1.2.20 - Auth Bypass
Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20.
CVSS 6.5
CVE-2022-2470 MEDIUM
Microweber < 1.2.21 - XSS
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.21.
CVSS 6.1
CVE-2022-2495 MEDIUM
Microweber < 1.2.21 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.21.
CVSS 4.8
CVE-2022-2777 MEDIUM
Microweber < 1.3.1 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.1.
CVSS 5.4
CVE-2022-3242 MEDIUM
microweber/microweber <1.3.2 - Code Injection
Code Injection in GitHub repository microweber/microweber prior to 1.3.2.
CVSS 6.1
CVE-2022-3245 MEDIUM
HTML Injection - XSS
HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input.
CVSS 6.1
CVE-2022-4617 MEDIUM
microweber/microweber <1.3.2 - XSS
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2.
CVSS 6.1
CVE-2022-4647 MEDIUM
microweber/microweber <1.3.2 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.2.
CVSS 6.1
CVE-2022-4732 HIGH
Microweber < 1.3.1 - Unrestricted File Upload
Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2.
CVSS 7.2
CVE-2023-0608 MEDIUM
Microweber < 1.3.2 - XSS
Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to 1.3.2.
CVSS 5.4