Peter Ivanov

41 exploits Active since May 2014
CVE-2023-1081 WRITEUP MEDIUM WRITEUP
Microweber < 1.3.2 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.
CVSS 4.8
CVE-2023-1877 WRITEUP CRITICAL WRITEUP
microweber/microweber <1.3.3 - Command Injection
Command Injection in GitHub repository microweber/microweber prior to 1.3.3.
CVSS 9.8
CVE-2023-1881 WRITEUP MEDIUM WRITEUP
microweber/microweber <1.3.3 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.
CVSS 5.4
CVE-2023-2014 WRITEUP MEDIUM WRITEUP
Microweber < 1.3.3 - XSS
Cross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to 1.3.3.
CVSS 4.8
CVE-2023-2239 WRITEUP MEDIUM WRITEUP
microweber/microweber <1.3.4 - Info Disclosure
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to 1.3.4.
CVSS 6.5
CVE-2023-2240 WRITEUP HIGH WRITEUP
Microweber < 1.3.4 - Improper Privilege Management
Improper Privilege Management in GitHub repository microweber/microweber prior to 1.3.4.
CVSS 8.8
CVE-2023-3142 WRITEUP MEDIUM WRITEUP
microweber/microweber <2.0 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.
CVSS 5.4
CVE-2023-5244 WRITEUP MEDIUM WRITEUP
Microweber < 2.0 - XSS
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0.
CVSS 6.1
CVE-2023-5318 WRITEUP HIGH WRITEUP
Microweber < 2.0 - Hard-coded Credentials
Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0.
CVSS 7.5
CVE-2023-5861 WRITEUP MEDIUM WRITEUP
Microweber < 2.0.0 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.
CVSS 4.8
CVE-2023-6566 WRITEUP MEDIUM WRITEUP
microweber/microweber <2.0 - Info Disclosure
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.
CVSS 6.5
CVE-2023-6599 WRITEUP MEDIUM WRITEUP
microweber/microweber <2.0 - Info Disclosure
Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0.
CVSS 4.3
CVE-2023-6832 WRITEUP MEDIUM WRITEUP
microweber/microweber <2.0 - Info Disclosure
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.
CVSS 4.3
CVE-2024-40101 WRITEUP MEDIUM WRITEUP
Microweber <2.0.15 - XSS
A Reflected Cross-site scripting (XSS) vulnerability exists in '/search' in microweber 2.0.15 and earlier allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the 'keywords' parameter.
CVSS 6.1
CVE-2025-70791 WRITEUP MEDIUM WRITEUP
Microweber < 2.0.20 - XSS
Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was reported to the developers and fixed in version 2.0.20.
CVSS 6.1
CVE-2025-70792 WRITEUP MEDIUM WRITEUP
Microweber < 2.0.20 - XSS
Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "rel_id" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was reported to the developers and fixed in version 2.0.20.
CVSS 6.1