Peter Ivanov - Security Researcher - Exploit Intelligence Platform

CVE-2022-4732 WRITEUP HIGH WRITEUP

microweber < 1.3.2 - Unrestricted Upload of File with Dangerous Type

Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2.

CVSS 7.2

View Code

CVE-2023-0608 WRITEUP MEDIUM WRITEUP

microweber < 1.3.2 - DOM-Based Cross-Site Scripting

Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to 1.3.2.

CVSS 5.4

View Code

CVE-2023-1081 WRITEUP MEDIUM WRITEUP

microweber < 1.3.3 - Stored Cross-Site Scripting

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.

CVSS 4.8

View Code

CVE-2023-1877 WRITEUP CRITICAL WRITEUP

microweber/microweber <1.3.3 - Command Injection

Command Injection in GitHub repository microweber/microweber prior to 1.3.3.

CVSS 9.8

View Code

CVE-2023-1881 WRITEUP MEDIUM WRITEUP

microweber < 1.3.3 - Stored Cross-Site Scripting

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.

CVSS 5.4

View Code

CVE-2023-2014 WRITEUP MEDIUM WRITEUP

microweber < 1.3.3 - Cross-Site Scripting

Cross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to 1.3.3.

CVSS 4.8

View Code

CVE-2023-2239 WRITEUP MEDIUM WRITEUP

microweber/microweber <1.3.4 - Info Disclosure

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to 1.3.4.

CVSS 6.5

View Code

CVE-2023-2240 WRITEUP HIGH WRITEUP

microweber < 1.3.4 - Improper Privilege Management

Improper Privilege Management in GitHub repository microweber/microweber prior to 1.3.4.

CVSS 8.8

View Code

CVE-2023-3142 WRITEUP MEDIUM WRITEUP

microweber < 2.0 - Stored Cross-Site Scripting

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.

CVSS 5.4

View Code

CVE-2023-5244 WRITEUP MEDIUM WRITEUP

microweber < 2.0 - Reflected Cross-Site Scripting

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0.

CVSS 6.1

View Code

CVE-2023-5318 WRITEUP HIGH WRITEUP

microweber < 2.0 - Use of Hard-coded Credentials

Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0.

CVSS 7.5

View Code

CVE-2023-5861 WRITEUP MEDIUM WRITEUP

microweber < 2.0.0 - Stored Cross-Site Scripting

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.

CVSS 4.8

View Code

CVE-2023-6566 WRITEUP MEDIUM WRITEUP

microweber/microweber <2.0 - Info Disclosure

Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.

CVSS 6.5

View Code

CVE-2023-6599 WRITEUP MEDIUM WRITEUP

microweber/microweber <2.0 - Info Disclosure

Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0.

CVSS 4.3

View Code

CVE-2023-6832 WRITEUP MEDIUM WRITEUP

microweber/microweber <2.0 - Info Disclosure

Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.

CVSS 4.3

View Code

CVE-2024-40101 WRITEUP MEDIUM WRITEUP

microweber < 2.0.16 - Unauthenticated Reflected Cross-Site Scripting via Search Keywords Parameter

A Reflected Cross-site scripting (XSS) vulnerability exists in '/search' in microweber 2.0.15 and earlier allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the 'keywords' parameter.

CVSS 6.1

View Code

CVE-2025-70791 WRITEUP MEDIUM WRITEUP

Microweber < 2.0.20 - Stored Cross-Site Scripting via Order Direction Parameter

Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was reported to the developers and fixed in version 2.0.20.

CVSS 6.1

View Code

CVE-2025-70792 WRITEUP MEDIUM WRITEUP

Microweber < 2.0.20 - Stored Cross-Site Scripting via Admin Category Create Endpoint

Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "rel_id" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was reported to the developers and fixed in version 2.0.20.

CVSS 6.1

View Code