Vulnerabilities related to microweber - microweber/microweber
CVE-2022-0928 (GCVE-0-2022-0928)
Vulnerability from cvelistv5
Published
2022-03-11 10:25
Modified
2024-08-02 23:47
Severity: 6.8 MEDIUM — CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H (CNA-assigned by @huntrdev)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12.
References
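URL | Tags
---|---
https://huntr.dev/bounties/085aafdd-ba50-44c7-9650-fa573da29bcd | x_refsource_CONFIRM
https://github.com/microweber/microweber/commit/fc9137c031f7edec5f50d73b300919fb519c924a | x_refsource_MISC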
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.2.12
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:47:42.844Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/085aafdd-ba50-44c7-9650-fa573da29bcd" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/fc9137c031f7edec5f50d73b300919fb519c924a" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-11T10:25:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/085aafdd-ba50-44c7-9650-fa573da29bcd" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/fc9137c031f7edec5f50d73b300919fb519c924a" } ], "source": { "advisory": "085aafdd-ba50-44c7-9650-fa573da29bcd", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in 
microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0928", "STATE": "PUBLIC", "TITLE": "Cross-site Scripting (XSS) - Stored in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.12" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/085aafdd-ba50-44c7-9650-fa573da29bcd", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/085aafdd-ba50-44c7-9650-fa573da29bcd" }, { "name": "https://github.com/microweber/microweber/commit/fc9137c031f7edec5f50d73b300919fb519c924a", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/fc9137c031f7edec5f50d73b300919fb519c924a" } ] }, "source": { "advisory": "085aafdd-ba50-44c7-9650-fa573da29bcd", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0928", "datePublished": "2022-03-11T10:25:10", 
"dateReserved": "2022-03-11T00:00:00", "dateUpdated": "2024-08-02T23:47:42.844Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-2470 (GCVE-0-2022-2470)
Vulnerability from cvelistv5
Published
2022-07-22 14:24
Modified
2024-08-03 00:39
Severity: 6.5 MEDIUM — CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N (CNA-assigned by @huntrdev)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.21.
References
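URL | Tags
---|---
https://huntr.dev/bounties/3f1f679c-c243-431c-8ed0-e61543b9921b | x_refsource_CONFIRM
https://github.com/microweber/microweber/commit/d28655183800b833abb20ccd55e1628f16ff65e4 | x_refsource_MISC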
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.2.21
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:39:07.974Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/3f1f679c-c243-431c-8ed0-e61543b9921b" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/d28655183800b833abb20ccd55e1628f16ff65e4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.21", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.21." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-22T14:24:35", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/3f1f679c-c243-431c-8ed0-e61543b9921b" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/d28655183800b833abb20ccd55e1628f16ff65e4" } ], "source": { "advisory": "3f1f679c-c243-431c-8ed0-e61543b9921b", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - 
Reflected in microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-2470", "STATE": "PUBLIC", "TITLE": "Cross-site Scripting (XSS) - Reflected in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.21" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.21." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/3f1f679c-c243-431c-8ed0-e61543b9921b", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/3f1f679c-c243-431c-8ed0-e61543b9921b" }, { "name": "https://github.com/microweber/microweber/commit/d28655183800b833abb20ccd55e1628f16ff65e4", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/d28655183800b833abb20ccd55e1628f16ff65e4" } ] }, "source": { "advisory": "3f1f679c-c243-431c-8ed0-e61543b9921b", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-2470", "datePublished": 
"2022-07-22T14:24:36", "dateReserved": "2022-07-19T00:00:00", "dateUpdated": "2024-08-03T00:39:07.974Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0896 (GCVE-0-2022-0896)
Vulnerability from cvelistv5
Published
2022-03-09 11:20
Modified
2024-08-02 23:47
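Severity: 7.1 HIGH — CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:H (CNA-assigned by @huntrdev; AV:P, Physical, is an unusual attack vector for a template-engine injection, so check the linked advisory before relying on this score)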
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Summary
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3.
References
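URL | Tags
---|---
https://huntr.dev/bounties/113056f1-7a78-4205-9f42-940ad41d8df0 | x_refsource_CONFIRM
https://github.com/microweber/microweber/commit/e0224462b3dd6b1f7c6ec1197413afc6019bc3b5 | x_refsource_MISC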
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:47:42.131Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/113056f1-7a78-4205-9f42-940ad41d8df0" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/e0224462b3dd6b1f7c6ec1197413afc6019bc3b5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1336", "description": "CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-09T11:20:09", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/113056f1-7a78-4205-9f42-940ad41d8df0" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/e0224462b3dd6b1f7c6ec1197413afc6019bc3b5" } ], "source": { "advisory": "113056f1-7a78-4205-9f42-940ad41d8df0", "discovery": "EXTERNAL" }, "title": "Improper Neutralization of Special 
Elements Used in a Template Engine in microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0896", "STATE": "PUBLIC", "TITLE": "Improper Neutralization of Special Elements Used in a Template Engine in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.3" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/113056f1-7a78-4205-9f42-940ad41d8df0", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/113056f1-7a78-4205-9f42-940ad41d8df0" }, { "name": "https://github.com/microweber/microweber/commit/e0224462b3dd6b1f7c6ec1197413afc6019bc3b5", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/e0224462b3dd6b1f7c6ec1197413afc6019bc3b5" } ] }, "source": { "advisory": "113056f1-7a78-4205-9f42-940ad41d8df0", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": 
"@huntrdev", "cveId": "CVE-2022-0896", "datePublished": "2022-03-09T11:20:09", "dateReserved": "2022-03-09T00:00:00", "dateUpdated": "2024-08-02T23:47:42.131Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0895 (GCVE-0-2022-0895)
Vulnerability from cvelistv5
Published
2022-03-10 11:10
Modified
2024-08-02 23:47
Severity: 7.7 HIGH — CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H (CNA-assigned by @huntrdev)
CWE
- CWE-96 - Improper Neutralization of Directives in Statically Saved Code
Summary
Static Code Injection in GitHub repository microweber/microweber prior to 1.3.
References
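URL | Tags
---|---
https://huntr.dev/bounties/3c070828-fd00-476c-be33-9c877172363d | x_refsource_CONFIRM
https://github.com/microweber/microweber/commit/b2baab6e582b2efe63788d367a2bb61a2fa26470 | x_refsource_MISC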
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:47:42.107Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/3c070828-fd00-476c-be33-9c877172363d" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/b2baab6e582b2efe63788d367a2bb61a2fa26470" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Static Code Injection in GitHub repository microweber/microweber prior to 1.3." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-96", "description": "CWE-96 Improper Neutralization of Directives in Statically Saved Code", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-10T11:10:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/3c070828-fd00-476c-be33-9c877172363d" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/b2baab6e582b2efe63788d367a2bb61a2fa26470" } ], "source": { "advisory": "3c070828-fd00-476c-be33-9c877172363d", "discovery": "EXTERNAL" }, "title": " Static Code Injection in microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { 
"ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0895", "STATE": "PUBLIC", "TITLE": " Static Code Injection in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.3" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Static Code Injection in GitHub repository microweber/microweber prior to 1.3." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-96 Improper Neutralization of Directives in Statically Saved Code" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/3c070828-fd00-476c-be33-9c877172363d", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/3c070828-fd00-476c-be33-9c877172363d" }, { "name": "https://github.com/microweber/microweber/commit/b2baab6e582b2efe63788d367a2bb61a2fa26470", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/b2baab6e582b2efe63788d367a2bb61a2fa26470" } ] }, "source": { "advisory": "3c070828-fd00-476c-be33-9c877172363d", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0895", "datePublished": "2022-03-10T11:10:10", "dateReserved": "2022-03-09T00:00:00", "dateUpdated": "2024-08-02T23:47:42.107Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", 
"dataVersion": "5.1" }
CVE-2022-0968 (GCVE-0-2022-0968)
Vulnerability from cvelistv5
Published
2022-03-15 15:40
Modified
2024-08-02 23:47
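Severity: 7.2 HIGH — CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H (CNA-assigned by @huntrdev; the vector is Local with high confidentiality and integrity impact, while the summary describes a denial of service via a crafted HTTP request, so check the linked advisory before relying on this score)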
CWE
- CWE-190 - Integer Overflow or Wraparound
Summary
The microweber application allows large characters to insert in the input field "fist & last name" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/microweber in GitHub repository microweber/microweber prior to 1.2.12.
References
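URL | Tags
---|---
https://huntr.dev/bounties/97e36678-11cf-42c6-889c-892d415d9f9e | x_refsource_CONFIRM
https://github.com/microweber/microweber/commit/80e39084729a57dfe749626c3b9d35247a14c49e | x_refsource_MISC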
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.2.12
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:47:42.838Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/97e36678-11cf-42c6-889c-892d415d9f9e" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/80e39084729a57dfe749626c3b9d35247a14c49e" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "The microweber application allows large characters to insert in the input field \"fist \u0026 last name\" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/microweber in GitHub repository microweber/microweber prior to 1.2.12." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-15T15:40:18", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/97e36678-11cf-42c6-889c-892d415d9f9e" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/80e39084729a57dfe749626c3b9d35247a14c49e" } ], "source": { "advisory": "97e36678-11cf-42c6-889c-892d415d9f9e", "discovery": "EXTERNAL" }, "title": "The microweber application allows large characters to insert in the input field \"fist \u0026 last name\" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/microweber in microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0968", "STATE": "PUBLIC", "TITLE": "The microweber application allows large characters to insert in the input field \"fist \u0026 last name\" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. 
in microweber/microweber in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.12" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The microweber application allows large characters to insert in the input field \"fist \u0026 last name\" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/microweber in GitHub repository microweber/microweber prior to 1.2.12." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-190 Integer Overflow or Wraparound" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/97e36678-11cf-42c6-889c-892d415d9f9e", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/97e36678-11cf-42c6-889c-892d415d9f9e" }, { "name": "https://github.com/microweber/microweber/commit/80e39084729a57dfe749626c3b9d35247a14c49e", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/80e39084729a57dfe749626c3b9d35247a14c49e" } ] }, "source": { "advisory": "97e36678-11cf-42c6-889c-892d415d9f9e", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0968", "datePublished": "2022-03-15T15:40:18", "dateReserved": "2022-03-14T00:00:00", 
"dateUpdated": "2024-08-02T23:47:42.838Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-4647 (GCVE-0-2022-4647)
Vulnerability from cvelistv5
Published
2022-12-22 00:00
Modified
2025-04-09 18:35
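Severity: 5.1 MEDIUM — CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L (CNA-assigned by @huntrdev). CISA-ADP SSVC (2025-04-09): Exploitation: poc; Automatable: yes; Technical Impact: total.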
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.2.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.3.2
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:48:39.548Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/ccdd243d-726c-4199-b742-25c571491242" }, { "tags": [ "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/20df56615e61624f5fff149849753869e4b3b936" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-4647", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-09T18:17:49.003762Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-09T18:35:42.198Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.3.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.2." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-22T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/ccdd243d-726c-4199-b742-25c571491242" }, { "url": "https://github.com/microweber/microweber/commit/20df56615e61624f5fff149849753869e4b3b936" } ], "source": { "advisory": "ccdd243d-726c-4199-b742-25c571491242", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in microweber/microweber" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-4647", "datePublished": "2022-12-22T00:00:00.000Z", "dateReserved": "2022-12-22T00:00:00.000Z", "dateUpdated": "2025-04-09T18:35:42.198Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0277 (GCVE-0-2022-0277)
Vulnerability from cvelistv5
Published
2022-01-20 00:00
Modified
2024-08-02 23:25
Severity: 6.5 MEDIUM — CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (CNA-assigned by @huntrdev)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Summary
Incorrect Permission Assignment for Critical Resource in Packagist microweber/microweber prior to 1.2.11.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.2.11
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:25:40.516Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/0e776f3d-35b1-4a9e-8fe8-91e46c0d6316" }, { "tags": [ "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/e680e134a4215c979bfd2eaf58336be34c8fc6e6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Incorrect Permission Assignment for Critical Resource in Packagist microweber/microweber prior to 1.2.11." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-29T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/0e776f3d-35b1-4a9e-8fe8-91e46c0d6316" }, { "url": "https://github.com/microweber/microweber/commit/e680e134a4215c979bfd2eaf58336be34c8fc6e6" } ], "source": { "advisory": "0e776f3d-35b1-4a9e-8fe8-91e46c0d6316", "discovery": "EXTERNAL" }, "title": "Incorrect Permission Assignment for Critical Resource in microweber/microweber" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": 
"@huntrdev", "cveId": "CVE-2022-0277", "datePublished": "2022-01-20T00:00:00", "dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2024-08-02T23:25:40.516Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0597 (GCVE-0-2022-0597)
Vulnerability from cvelistv5
Published
2022-02-15 13:50
Modified
2024-08-02 23:32
Severity: 4.3 MEDIUM — CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N (CNA-assigned by @huntrdev)
CWE
- CWE-601 - URL Redirection to Untrusted Site
Summary
Open Redirect in Packagist microweber/microweber prior to 1.2.11.
References
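URL | Tags
---|---
https://huntr.dev/bounties/68c22eab-cc69-4e9f-bcb6-2df3db626813 | x_refsource_CONFIRM
https://github.com/microweber/microweber/commit/acfc6a581d1ea86096d1b0ecd8a0eec927c0e9b2 | x_refsource_MISC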
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.2.11
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:32:46.413Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/68c22eab-cc69-4e9f-bcb6-2df3db626813" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/acfc6a581d1ea86096d1b0ecd8a0eec927c0e9b2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Open Redirect in Packagist microweber/microweber prior to 1.2.11." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-15T13:50:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/68c22eab-cc69-4e9f-bcb6-2df3db626813" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/acfc6a581d1ea86096d1b0ecd8a0eec927c0e9b2" } ], "source": { "advisory": "68c22eab-cc69-4e9f-bcb6-2df3db626813", "discovery": "EXTERNAL" }, "title": "Open Redirect in microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": 
"CVE-2022-0597", "STATE": "PUBLIC", "TITLE": "Open Redirect in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.11" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Open Redirect in Packagist microweber/microweber prior to 1.2.11." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-601 URL Redirection to Untrusted Site" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/68c22eab-cc69-4e9f-bcb6-2df3db626813", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/68c22eab-cc69-4e9f-bcb6-2df3db626813" }, { "name": "https://github.com/microweber/microweber/commit/acfc6a581d1ea86096d1b0ecd8a0eec927c0e9b2", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/acfc6a581d1ea86096d1b0ecd8a0eec927c0e9b2" } ] }, "source": { "advisory": "68c22eab-cc69-4e9f-bcb6-2df3db626813", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0597", "datePublished": "2022-02-15T13:50:10", "dateReserved": "2022-02-14T00:00:00", "dateUpdated": "2024-08-02T23:32:46.413Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0596 (GCVE-0-2022-0596)
Vulnerability from cvelistv5
Published
2022-02-15 00:00
Modified
2024-08-02 23:32
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Summary
Improper Validation of Specified Quantity in Input in Packagist microweber/microweber prior to 1.2.11.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.2.11
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:32:46.308Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/f68b994e-2b8b-49f5-af2a-8cd99e8048a5" }, { "tags": [ "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/91a9d899741557c75050614ff7adb8c0e3feb005" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper Validation of Specified Quantity in Input in Packagist microweber/microweber prior to 1.2.11." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1284", "description": "CWE-1284 Improper Validation of Specified Quantity in Input", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-29T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/f68b994e-2b8b-49f5-af2a-8cd99e8048a5" }, { "url": "https://github.com/microweber/microweber/commit/91a9d899741557c75050614ff7adb8c0e3feb005" } ], "source": { "advisory": "f68b994e-2b8b-49f5-af2a-8cd99e8048a5", "discovery": "EXTERNAL" }, "title": "Improper Validation of Specified Quantity in Input in microweber/microweber" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": 
"@huntrdev", "cveId": "CVE-2022-0596", "datePublished": "2022-02-15T00:00:00", "dateReserved": "2022-02-14T00:00:00", "dateUpdated": "2024-08-02T23:32:46.308Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0724 (GCVE-0-2022-0724)
Vulnerability from cvelistv5
Published
2022-02-23 10:45
Modified
2024-08-02 23:40
CWE
- CWE-922 - Insecure Storage of Sensitive Information
Summary
Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:40:03.544Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/0cdc4a29-dada-4264-b326-8b65b4f11062" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/b592c86d2b927c0cae5b73b87fb541f25e777aa3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-922", "description": "CWE-922 Insecure Storage of Sensitive Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-23T10:45:11", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/0cdc4a29-dada-4264-b326-8b65b4f11062" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/b592c86d2b927c0cae5b73b87fb541f25e777aa3" } ], "source": { "advisory": "0cdc4a29-dada-4264-b326-8b65b4f11062", "discovery": "EXTERNAL" }, "title": "Insecure Storage of Sensitive Information in microweber/microweber", "x_legacyV4Record": { 
"CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0724", "STATE": "PUBLIC", "TITLE": "Insecure Storage of Sensitive Information in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.3" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-922 Insecure Storage of Sensitive Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/0cdc4a29-dada-4264-b326-8b65b4f11062", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/0cdc4a29-dada-4264-b326-8b65b4f11062" }, { "name": "https://github.com/microweber/microweber/commit/b592c86d2b927c0cae5b73b87fb541f25e777aa3", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/b592c86d2b927c0cae5b73b87fb541f25e777aa3" } ] }, "source": { "advisory": "0cdc4a29-dada-4264-b326-8b65b4f11062", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0724", "datePublished": "2022-02-23T10:45:11", "dateReserved": "2022-02-22T00:00:00", "dateUpdated": "2024-08-02T23:40:03.544Z", "state": 
"PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0688 (GCVE-0-2022-0688)
Vulnerability from cvelistv5
Published
2022-02-20 14:45
Modified
2024-08-02 23:40
CWE
- CWE-840 - Business Logic Errors
Summary
Business Logic Errors in Packagist microweber/microweber prior to 1.2.11.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.2.11
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:40:03.225Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/051ec6d4-0b0a-41bf-9ded-27813037c9c9" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/a41f0fddaf08ff12b2b82506b1ca9490c93ab605" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Business Logic Errors in Packagist microweber/microweber prior to 1.2.11." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-840", "description": "CWE-840 Business Logic Errors", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-20T14:45:11", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/051ec6d4-0b0a-41bf-9ded-27813037c9c9" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/a41f0fddaf08ff12b2b82506b1ca9490c93ab605" } ], "source": { "advisory": "051ec6d4-0b0a-41bf-9ded-27813037c9c9", "discovery": "EXTERNAL" }, "title": "Business Logic Errors in microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": 
"CVE-2022-0688", "STATE": "PUBLIC", "TITLE": "Business Logic Errors in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.11" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Business Logic Errors in Packagist microweber/microweber prior to 1.2.11." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-840 Business Logic Errors" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/051ec6d4-0b0a-41bf-9ded-27813037c9c9", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/051ec6d4-0b0a-41bf-9ded-27813037c9c9" }, { "name": "https://github.com/microweber/microweber/commit/a41f0fddaf08ff12b2b82506b1ca9490c93ab605", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/a41f0fddaf08ff12b2b82506b1ca9490c93ab605" } ] }, "source": { "advisory": "051ec6d4-0b0a-41bf-9ded-27813037c9c9", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0688", "datePublished": "2022-02-20T14:45:11", "dateReserved": "2022-02-19T00:00:00", "dateUpdated": "2024-08-02T23:40:03.225Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-2777 (GCVE-0-2022-2777)
Vulnerability from cvelistv5
Published
2022-08-11 10:45
Modified
2024-08-03 00:46
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.1.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.3.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:46:04.459Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/13dd2f4d-0c7f-483e-a771-e1ed2ff1c36f" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/60eef7494211d1c458228c321e986edeaa401a58" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.3.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.1." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-11T10:45:13", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/13dd2f4d-0c7f-483e-a771-e1ed2ff1c36f" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/60eef7494211d1c458228c321e986edeaa401a58" } ], "source": { "advisory": "13dd2f4d-0c7f-483e-a771-e1ed2ff1c36f", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in 
microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-2777", "STATE": "PUBLIC", "TITLE": "Cross-site Scripting (XSS) - Stored in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.3.1" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.1." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/13dd2f4d-0c7f-483e-a771-e1ed2ff1c36f", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/13dd2f4d-0c7f-483e-a771-e1ed2ff1c36f" }, { "name": "https://github.com/microweber/microweber/commit/60eef7494211d1c458228c321e986edeaa401a58", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/60eef7494211d1c458228c321e986edeaa401a58" } ] }, "source": { "advisory": "13dd2f4d-0c7f-483e-a771-e1ed2ff1c36f", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-2777", "datePublished": "2022-08-11T10:45:13", 
"dateReserved": "2022-08-11T00:00:00", "dateUpdated": "2024-08-03T00:46:04.459Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-1036 (GCVE-0-2022-1036)
Vulnerability from cvelistv5
Published
2022-03-22 12:40
Modified
2024-08-02 23:47
CWE
- CWE-190 - Integer Overflow or Wraparound
Summary
Able to create an account with long password leads to memory corruption / Integer Overflow in GitHub repository microweber/microweber prior to 1.2.12.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.2.12
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:47:43.350Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/db615581-d5a9-4ca5-a3e9-7a39eceaa424" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/82be4f0b4729be870ccefdae99a04833f134aa6a" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Able to create an account with long password leads to memory corruption / Integer Overflow in GitHub repository microweber/microweber prior to 1.2.12." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-22T12:40:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/db615581-d5a9-4ca5-a3e9-7a39eceaa424" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/82be4f0b4729be870ccefdae99a04833f134aa6a" } ], "source": { "advisory": "db615581-d5a9-4ca5-a3e9-7a39eceaa424", "discovery": "EXTERNAL" }, "title": "Able to create an account with long password 
leads to memory corruption / Integer Overflow in microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-1036", "STATE": "PUBLIC", "TITLE": "Able to create an account with long password leads to memory corruption / Integer Overflow in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.12" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Able to create an account with long password leads to memory corruption / Integer Overflow in GitHub repository microweber/microweber prior to 1.2.12." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-190 Integer Overflow or Wraparound" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/db615581-d5a9-4ca5-a3e9-7a39eceaa424", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/db615581-d5a9-4ca5-a3e9-7a39eceaa424" }, { "name": "https://github.com/microweber/microweber/commit/82be4f0b4729be870ccefdae99a04833f134aa6a", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/82be4f0b4729be870ccefdae99a04833f134aa6a" } ] }, "source": { "advisory": "db615581-d5a9-4ca5-a3e9-7a39eceaa424", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", 
"assignerShortName": "@huntrdev", "cveId": "CVE-2022-1036", "datePublished": "2022-03-22T12:40:10", "dateReserved": "2022-03-21T00:00:00", "dateUpdated": "2024-08-02T23:47:43.350Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-3142 (GCVE-0-2023-3142)
Vulnerability from cvelistv5
Published
2023-06-07 00:00
Modified
2025-01-06 21:10
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 2.0
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:48:07.470Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/d00686b0-f89a-4e14-98d7-b8dd3f92a6e5" }, { "tags": [ "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/42efa981a2239d042d910069952d6276497bdcf1" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-3142", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-06T21:09:56.966416Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-06T21:10:08.975Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "2.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-07T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/d00686b0-f89a-4e14-98d7-b8dd3f92a6e5" }, { "url": "https://github.com/microweber/microweber/commit/42efa981a2239d042d910069952d6276497bdcf1" } ], "source": { "advisory": "d00686b0-f89a-4e14-98d7-b8dd3f92a6e5", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in microweber/microweber" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-3142", "datePublished": "2023-06-07T00:00:00", "dateReserved": "2023-06-07T00:00:00", "dateUpdated": "2025-01-06T21:10:08.975Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-3242 (GCVE-0-2022-3242)
Vulnerability from cvelistv5
Published
2022-09-20 10:15
Modified
2025-05-29 13:56
CWE
- CWE-94 - Improper Control of Generation of Code
Summary
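Code Injection in GitHub repository microweber/microweber prior to 1.3.2. The CNA record title describes the issue more specifically as "HTML code Injection in template search keyword".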
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.3.2
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:00:10.758Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/3e6b218a-a5a6-40d9-9f7e-5ab0c6214faf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/68f0721571653db865a5fa01c7986642c82e919c" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-3242", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-29T13:56:48.758963Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-29T13:56:54.376Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.3.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Code Injection in GitHub repository microweber/microweber prior to 1.3.2." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-20T10:15:19.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/3e6b218a-a5a6-40d9-9f7e-5ab0c6214faf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/68f0721571653db865a5fa01c7986642c82e919c" } ], "source": { "advisory": "3e6b218a-a5a6-40d9-9f7e-5ab0c6214faf", "discovery": "EXTERNAL" }, "title": "HTML code Injection in template search keyword in microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-3242", "STATE": "PUBLIC", "TITLE": "HTML code Injection in template search keyword in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.3.2" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Code Injection in GitHub repository microweber/microweber prior to 1.3.2." 
} ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-94 Improper Control of Generation of Code" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/3e6b218a-a5a6-40d9-9f7e-5ab0c6214faf", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/3e6b218a-a5a6-40d9-9f7e-5ab0c6214faf" }, { "name": "https://github.com/microweber/microweber/commit/68f0721571653db865a5fa01c7986642c82e919c", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/68f0721571653db865a5fa01c7986642c82e919c" } ] }, "source": { "advisory": "3e6b218a-a5a6-40d9-9f7e-5ab0c6214faf", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-3242", "datePublished": "2022-09-20T10:15:20.000Z", "dateReserved": "2022-09-20T00:00:00.000Z", "dateUpdated": "2025-05-29T13:56:54.376Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0930 (GCVE-0-2022-0930)
Vulnerability from cvelistv5
Published
2022-03-12 13:20
Modified
2024-08-02 23:47
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Summary
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.2.12
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:47:42.841Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/d184ce19-9608-42f1-bc3d-06ece2d9a993" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/33eb4cc0f80c1f86388c1862a8aee1061fa5d72e" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-12T13:20:09", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/d184ce19-9608-42f1-bc3d-06ece2d9a993" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/33eb4cc0f80c1f86388c1862a8aee1061fa5d72e" } ], "source": { "advisory": "d184ce19-9608-42f1-bc3d-06ece2d9a993", "discovery": "EXTERNAL" }, "title": "File upload filter bypass leading to stored XSS in microweber/microweber", 
"x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0930", "STATE": "PUBLIC", "TITLE": "File upload filter bypass leading to stored XSS in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.12" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-434 Unrestricted Upload of File with Dangerous Type" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/d184ce19-9608-42f1-bc3d-06ece2d9a993", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/d184ce19-9608-42f1-bc3d-06ece2d9a993" }, { "name": "https://github.com/microweber/microweber/commit/33eb4cc0f80c1f86388c1862a8aee1061fa5d72e", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/33eb4cc0f80c1f86388c1862a8aee1061fa5d72e" } ] }, "source": { "advisory": "d184ce19-9608-42f1-bc3d-06ece2d9a993", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0930", "datePublished": "2022-03-12T13:20:09", "dateReserved": "2022-03-11T00:00:00", 
"dateUpdated": "2024-08-02T23:47:42.841Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-4732 (GCVE-0-2022-4732)
Vulnerability from cvelistv5
Published
2022-12-24 00:00
Modified
2025-04-10 20:13
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Summary
Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
microweber | microweber/microweber |
Version: unspecified < 1.3.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:48:40.325Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/d5be2e96-1f2f-4357-a385-e184cf0119aa" }, { "tags": [ "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/0d279ac81052ce7ee97c18c811a9b8e912189da0" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-4732", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-09T17:09:36.711661Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-10T20:13:51.907Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.3.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-24T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/d5be2e96-1f2f-4357-a385-e184cf0119aa" }, { "url": "https://github.com/microweber/microweber/commit/0d279ac81052ce7ee97c18c811a9b8e912189da0" } ], "source": { "advisory": "d5be2e96-1f2f-4357-a385-e184cf0119aa", "discovery": "EXTERNAL" }, "title": "Unrestricted Upload of File with Dangerous Type in microweber/microweber" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-4732", "datePublished": "2022-12-24T00:00:00.000Z", "dateReserved": "2022-12-24T00:00:00.000Z", "dateUpdated": "2025-04-10T20:13:51.907Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-2252 (GCVE-0-2022-2252)
Vulnerability from cvelistv5
Published
2022-06-29 15:15
Modified
2024-08-03 00:32
CWE
- CWE-601 - URL Redirection to Untrusted Site
Summary
Open Redirect in GitHub repository microweber/microweber prior to 1.2.19.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
microweber | microweber/microweber |
Version: unspecified < 1.2.19 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:32:09.308Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/4d394bcc-a000-4f96-8cd2-8c565e1347e8" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/187e949daf7dea6f10b80da70988f0f86444eeff" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.19", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Open Redirect in GitHub repository microweber/microweber prior to 1.2.19." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-29T15:15:21", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/4d394bcc-a000-4f96-8cd2-8c565e1347e8" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/187e949daf7dea6f10b80da70988f0f86444eeff" } ], "source": { "advisory": "4d394bcc-a000-4f96-8cd2-8c565e1347e8", "discovery": "EXTERNAL" }, "title": "Open Redirect in microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", 
"ID": "CVE-2022-2252", "STATE": "PUBLIC", "TITLE": "Open Redirect in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.19" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Open Redirect in GitHub repository microweber/microweber prior to 1.2.19." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-601 URL Redirection to Untrusted Site" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/4d394bcc-a000-4f96-8cd2-8c565e1347e8", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/4d394bcc-a000-4f96-8cd2-8c565e1347e8" }, { "name": "https://github.com/microweber/microweber/commit/187e949daf7dea6f10b80da70988f0f86444eeff", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/187e949daf7dea6f10b80da70988f0f86444eeff" } ] }, "source": { "advisory": "4d394bcc-a000-4f96-8cd2-8c565e1347e8", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-2252", "datePublished": "2022-06-29T15:15:21", "dateReserved": "2022-06-29T00:00:00", "dateUpdated": "2024-08-03T00:32:09.308Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0690 (GCVE-0-2022-0690)
Vulnerability from cvelistv5
Published
2022-02-19 16:00
Modified
2024-08-02 23:40
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
microweber | microweber/microweber |
Version: unspecified < 1.2.11 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:40:03.315Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/4999a0f4-6efb-4681-b4ba-b36babc366f9" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/f7f5d41ba1a08ceed37c00d5f70a3f48b272e9f2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-19T16:00:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/4999a0f4-6efb-4681-b4ba-b36babc366f9" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/f7f5d41ba1a08ceed37c00d5f70a3f48b272e9f2" } ], "source": { "advisory": "4999a0f4-6efb-4681-b4ba-b36babc366f9", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Reflected in 
microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0690", "STATE": "PUBLIC", "TITLE": "Cross-site Scripting (XSS) - Reflected in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.11" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/4999a0f4-6efb-4681-b4ba-b36babc366f9", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/4999a0f4-6efb-4681-b4ba-b36babc366f9" }, { "name": "https://github.com/microweber/microweber/commit/f7f5d41ba1a08ceed37c00d5f70a3f48b272e9f2", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/f7f5d41ba1a08ceed37c00d5f70a3f48b272e9f2" } ] }, "source": { "advisory": "4999a0f4-6efb-4681-b4ba-b36babc366f9", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0690", "datePublished": "2022-02-19T16:00:11", 
"dateReserved": "2022-02-19T00:00:00", "dateUpdated": "2024-08-02T23:40:03.315Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-2174 (GCVE-0-2022-2174)
Vulnerability from cvelistv5
Published
2022-06-22 12:00
Modified
2024-08-03 00:32
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
microweber | microweber/microweber |
Version: unspecified < 1.2.18 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:32:07.996Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/ac68e3fc-8cf1-4a62-90ee-95c4b2bad607" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/c51285f791e48e536111cd57a9544ccbf7f33961" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.18", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-22T12:00:38", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/ac68e3fc-8cf1-4a62-90ee-95c4b2bad607" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/c51285f791e48e536111cd57a9544ccbf7f33961" } ], "source": { "advisory": "ac68e3fc-8cf1-4a62-90ee-95c4b2bad607", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Reflected in 
microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-2174", "STATE": "PUBLIC", "TITLE": "Cross-site Scripting (XSS) - Reflected in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.18" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/ac68e3fc-8cf1-4a62-90ee-95c4b2bad607", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/ac68e3fc-8cf1-4a62-90ee-95c4b2bad607" }, { "name": "https://github.com/microweber/microweber/commit/c51285f791e48e536111cd57a9544ccbf7f33961", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/c51285f791e48e536111cd57a9544ccbf7f33961" } ] }, "source": { "advisory": "ac68e3fc-8cf1-4a62-90ee-95c4b2bad607", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-2174", "datePublished": "2022-06-22T12:00:38", 
"dateReserved": "2022-06-22T00:00:00", "dateUpdated": "2024-08-03T00:32:07.996Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0763 (GCVE-0-2022-0763)
Vulnerability from cvelistv5
Published
2022-02-26 10:00
Modified
2024-08-02 23:40
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
microweber | microweber/microweber |
Version: unspecified < 1.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:40:03.948Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/6de9c621-740d-4d7a-9d77-d90c6c87f3b6" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/c897d0dc159849763a813184d9b75b966c6360bf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-26T10:00:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/6de9c621-740d-4d7a-9d77-d90c6c87f3b6" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/c897d0dc159849763a813184d9b75b966c6360bf" } ], "source": { "advisory": "6de9c621-740d-4d7a-9d77-d90c6c87f3b6", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in 
microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0763", "STATE": "PUBLIC", "TITLE": "Cross-site Scripting (XSS) - Stored in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.3" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/6de9c621-740d-4d7a-9d77-d90c6c87f3b6", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/6de9c621-740d-4d7a-9d77-d90c6c87f3b6" }, { "name": "https://github.com/microweber/microweber/commit/c897d0dc159849763a813184d9b75b966c6360bf", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/c897d0dc159849763a813184d9b75b966c6360bf" } ] }, "source": { "advisory": "6de9c621-740d-4d7a-9d77-d90c6c87f3b6", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0763", "datePublished": "2022-02-26T10:00:10", 
"dateReserved": "2022-02-25T00:00:00", "dateUpdated": "2024-08-02T23:40:03.948Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-1439 (GCVE-0-2022-1439)
Vulnerability from cvelistv5
Published
2022-04-22 16:30
Modified
2024-08-03 00:03
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working; you might need to press "tab", but there is probably a payload that runs without user interaction.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
microweber | microweber/microweber |
Version: unspecified < 1.2.15 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:03:06.181Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/86f6a762-0f3d-443d-a676-20f8496907e0" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/ad3928f67b2cd4443f4323d858b666d35a919ba8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.15", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It\u0027s the only payload I found working, you might need to press \"tab\" but there is probably a paylaod that runs without user interaction." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-22T16:30:14", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/86f6a762-0f3d-443d-a676-20f8496907e0" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/ad3928f67b2cd4443f4323d858b666d35a919ba8" } ], "source": { "advisory": "86f6a762-0f3d-443d-a676-20f8496907e0", "discovery": "EXTERNAL" }, "title": "Reflected XSS on demo.microweber.org/demo/module/ in microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-1439", "STATE": "PUBLIC", "TITLE": "Reflected XSS on demo.microweber.org/demo/module/ in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.15" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. 
It\u0027s the only payload I found working, you might need to press \"tab\" but there is probably a paylaod that runs without user interaction." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/86f6a762-0f3d-443d-a676-20f8496907e0", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/86f6a762-0f3d-443d-a676-20f8496907e0" }, { "name": "https://github.com/microweber/microweber/commit/ad3928f67b2cd4443f4323d858b666d35a919ba8", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/ad3928f67b2cd4443f4323d858b666d35a919ba8" } ] }, "source": { "advisory": "86f6a762-0f3d-443d-a676-20f8496907e0", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-1439", "datePublished": "2022-04-22T16:30:14", "dateReserved": "2022-04-22T00:00:00", "dateUpdated": "2024-08-03T00:03:06.181Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0961 (GCVE-0-2022-0961)
Vulnerability from cvelistv5
Published
2022-03-15 14:55
Modified
2024-08-02 23:47
CWE
- CWE-190 - Integer Overflow or Wraparound
Summary
The microweber application allows large characters to be inserted in the input field "post title", which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in GitHub repository microweber/microweber prior to 1.2.12.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
microweber | microweber/microweber |
Version: unspecified < 1.2.12 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:47:42.940Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/cdf00e14-38a7-4b6b-9bb4-3a71bf24e436" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/f7acbd075dff4825b35b597b74958de9edce67fc" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "The microweber application allows large characters to insert in the input field \"post title\" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in GitHub repository microweber/microweber prior to 1.2.12." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-15T14:55:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/cdf00e14-38a7-4b6b-9bb4-3a71bf24e436" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/f7acbd075dff4825b35b597b74958de9edce67fc" } ], "source": { "advisory": 
"cdf00e14-38a7-4b6b-9bb4-3a71bf24e436", "discovery": "EXTERNAL" }, "title": "The microweber application allows large characters to insert in the input field \"post title\" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0961", "STATE": "PUBLIC", "TITLE": "The microweber application allows large characters to insert in the input field \"post title\" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.12" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The microweber application allows large characters to insert in the input field \"post title\" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in GitHub repository microweber/microweber prior to 1.2.12." 
} ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-190 Integer Overflow or Wraparound" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/cdf00e14-38a7-4b6b-9bb4-3a71bf24e436", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/cdf00e14-38a7-4b6b-9bb4-3a71bf24e436" }, { "name": "https://github.com/microweber/microweber/commit/f7acbd075dff4825b35b597b74958de9edce67fc", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/f7acbd075dff4825b35b597b74958de9edce67fc" } ] }, "source": { "advisory": "cdf00e14-38a7-4b6b-9bb4-3a71bf24e436", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0961", "datePublished": "2022-03-15T14:55:10", "dateReserved": "2022-03-14T00:00:00", "dateUpdated": "2024-08-02T23:47:42.940Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-1504 (GCVE-0-2022-1504)
Vulnerability from cvelistv5
Published
2022-04-27 10:35
Modified
2024-08-03 00:03
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.2.15
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:03:06.300Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/b8e5c324-3dfe-46b4-8095-1697c6b0a6d6" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/1f6a4de416a85e626dc643bb5ceb916e4802223e" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.15", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-27T10:35:09", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/b8e5c324-3dfe-46b4-8095-1697c6b0a6d6" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/1f6a4de416a85e626dc643bb5ceb916e4802223e" } ], "source": { "advisory": "b8e5c324-3dfe-46b4-8095-1697c6b0a6d6", "discovery": "EXTERNAL" }, "title": "XSS in 
/demo/module/?module=HERE in microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-1504", "STATE": "PUBLIC", "TITLE": "XSS in /demo/module/?module=HERE in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.15" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/b8e5c324-3dfe-46b4-8095-1697c6b0a6d6", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/b8e5c324-3dfe-46b4-8095-1697c6b0a6d6" }, { "name": "https://github.com/microweber/microweber/commit/1f6a4de416a85e626dc643bb5ceb916e4802223e", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/1f6a4de416a85e626dc643bb5ceb916e4802223e" } ] }, "source": { "advisory": "b8e5c324-3dfe-46b4-8095-1697c6b0a6d6", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": 
"CVE-2022-1504", "datePublished": "2022-04-27T10:35:09", "dateReserved": "2022-04-27T00:00:00", "dateUpdated": "2024-08-03T00:03:06.300Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-5318 (GCVE-0-2023-5318)
Vulnerability from cvelistv5
Published
2023-09-30 00:00
Modified
2024-09-23 16:22
CWE
- CWE-798 - Use of Hard-coded Credentials
Summary
Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 2.0
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:52:08.567Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/17826bdd-8136-48ae-afb9-af627cb6fd5d" }, { "tags": [ "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/c48b34dfd6cae7a55b452280d692dc62512574b0" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-5318", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-23T16:21:58.217627Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-23T16:22:16.267Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "2.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-30T00:00:17.339Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/17826bdd-8136-48ae-afb9-af627cb6fd5d" }, { "url": "https://github.com/microweber/microweber/commit/c48b34dfd6cae7a55b452280d692dc62512574b0" } ], "source": { "advisory": "17826bdd-8136-48ae-afb9-af627cb6fd5d", "discovery": "EXTERNAL" }, "title": "Use of Hard-coded Credentials in microweber/microweber" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-5318", "datePublished": "2023-09-30T00:00:17.339Z", "dateReserved": "2023-09-30T00:00:06.857Z", "dateUpdated": "2024-09-23T16:22:16.267Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-6599 (GCVE-0-2023-6599)
Vulnerability from cvelistv5
Published
2023-12-08 00:00
Modified
2024-08-02 08:35
CWE
- CWE-544 - Missing Standardized Error Handling Mechanism
Summary
Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 2.0
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:35:14.759Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/6198785c-bf60-422e-9b80-68a6e658a10e" }, { "tags": [ "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/f7eb9e1c6e801346f07f3b0164a01ac5f2ca5cfd" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "2.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-544", "description": "CWE-544 Missing Standardized Error Handling Mechanism", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-08T00:00:32.714Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.com/bounties/6198785c-bf60-422e-9b80-68a6e658a10e" }, { "url": "https://github.com/microweber/microweber/commit/f7eb9e1c6e801346f07f3b0164a01ac5f2ca5cfd" } ], "source": { "advisory": "6198785c-bf60-422e-9b80-68a6e658a10e", "discovery": "EXTERNAL" }, "title": "Missing Standardized Error Handling Mechanism in microweber/microweber" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntr_ai", "cveId": 
"CVE-2023-6599", "datePublished": "2023-12-08T00:00:32.714Z", "dateReserved": "2023-12-08T00:00:10.842Z", "dateUpdated": "2024-08-02T08:35:14.759Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0278 (GCVE-0-2022-0278)
Vulnerability from cvelistv5
Published
2022-01-20 10:10
Modified
2024-08-02 23:25
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.2.11
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:25:39.615Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/64495d0f-d5ec-4542-9693-32372c18d030" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/b64ef574b82dbf89a908e1569d790c7012d1ccd7" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-20T10:10:11", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/64495d0f-d5ec-4542-9693-32372c18d030" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/b64ef574b82dbf89a908e1569d790c7012d1ccd7" } ], "source": { "advisory": "64495d0f-d5ec-4542-9693-32372c18d030", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in 
microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0278", "STATE": "PUBLIC", "TITLE": "Cross-site Scripting (XSS) - Stored in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.11" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/64495d0f-d5ec-4542-9693-32372c18d030", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/64495d0f-d5ec-4542-9693-32372c18d030" }, { "name": "https://github.com/microweber/microweber/commit/b64ef574b82dbf89a908e1569d790c7012d1ccd7", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/b64ef574b82dbf89a908e1569d790c7012d1ccd7" } ] }, "source": { "advisory": "64495d0f-d5ec-4542-9693-32372c18d030", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0278", "datePublished": "2022-01-20T10:10:11", "dateReserved": 
"2022-01-19T00:00:00", "dateUpdated": "2024-08-02T23:25:39.615Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0557 (GCVE-0-2022-0557)
Vulnerability from cvelistv5
Published
2022-02-11 08:45
Modified
2024-08-02 23:32
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Summary
OS Command Injection in Packagist microweber/microweber prior to 1.2.11.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.2.11
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:32:46.256Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/660c89af-2de5-41bc-aada-9e4e78142db8" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/0a7e5f1d81de884861ca677ee1aaac31f188d632" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/166077/Microweber-1.2.11-Shell-Upload.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/50768" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "OS Command Injection in Packagist microweber/microweber prior to 1.2.11." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-01T01:21:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/660c89af-2de5-41bc-aada-9e4e78142db8" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/0a7e5f1d81de884861ca677ee1aaac31f188d632" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/166077/Microweber-1.2.11-Shell-Upload.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.exploit-db.com/exploits/50768" } ], "source": { "advisory": "660c89af-2de5-41bc-aada-9e4e78142db8", "discovery": "EXTERNAL" }, "title": "OS Command Injection in microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0557", "STATE": "PUBLIC", "TITLE": "OS Command Injection in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.11" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OS Command Injection in Packagist microweber/microweber prior to 1.2.11." 
} ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/660c89af-2de5-41bc-aada-9e4e78142db8", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/660c89af-2de5-41bc-aada-9e4e78142db8" }, { "name": "https://github.com/microweber/microweber/commit/0a7e5f1d81de884861ca677ee1aaac31f188d632", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/0a7e5f1d81de884861ca677ee1aaac31f188d632" }, { "name": "http://packetstormsecurity.com/files/166077/Microweber-1.2.11-Shell-Upload.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/166077/Microweber-1.2.11-Shell-Upload.html" }, { "name": "https://www.exploit-db.com/exploits/50768", "refsource": "MISC", "url": "https://www.exploit-db.com/exploits/50768" } ] }, "source": { "advisory": "660c89af-2de5-41bc-aada-9e4e78142db8", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0557", "datePublished": "2022-02-11T08:45:10", "dateReserved": "2022-02-10T00:00:00", "dateUpdated": "2024-08-02T23:32:46.256Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0921 (GCVE-0-2022-0921)
Vulnerability from cvelistv5
Published
2022-03-11 17:25
Modified
2024-08-02 23:47
CWE
- CWE-94 - Improper Control of Generation of Code
Summary
Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.2.12
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:47:43.255Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/e368be37-1cb4-4292-8d48-07132725f622" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/867bdda1b4660b0795ad7f87ab5abe9e44b2b318" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-11T17:25:08", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/e368be37-1cb4-4292-8d48-07132725f622" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/867bdda1b4660b0795ad7f87ab5abe9e44b2b318" } ], "source": { "advisory": "e368be37-1cb4-4292-8d48-07132725f622", "discovery": "EXTERNAL" }, "title": "Abusing Backup/Restore feature to achieve Remote Code Execution in 
microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0921", "STATE": "PUBLIC", "TITLE": "Abusing Backup/Restore feature to achieve Remote Code Execution in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.12" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-94 Improper Control of Generation of Code" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/e368be37-1cb4-4292-8d48-07132725f622", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/e368be37-1cb4-4292-8d48-07132725f622" }, { "name": "https://github.com/microweber/microweber/commit/867bdda1b4660b0795ad7f87ab5abe9e44b2b318", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/867bdda1b4660b0795ad7f87ab5abe9e44b2b318" } ] }, "source": { "advisory": "e368be37-1cb4-4292-8d48-07132725f622", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0921", "datePublished": "2022-03-11T17:25:09", 
"dateReserved": "2022-03-10T00:00:00", "dateUpdated": "2024-08-02T23:47:43.255Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0379 (GCVE-0-2022-0379)
Vulnerability from cvelistv5
Published
2022-01-26 15:25
Modified
2024-08-02 23:25
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.2.11
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:25:40.536Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/933f94b8-c5e7-4c3a-92e0-4d1577d5fee6" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/f017cbfbd5c4f097d2c78c5e15b6c8a9da479d7b" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-26T15:25:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/933f94b8-c5e7-4c3a-92e0-4d1577d5fee6" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/f017cbfbd5c4f097d2c78c5e15b6c8a9da479d7b" } ], "source": { "advisory": "933f94b8-c5e7-4c3a-92e0-4d1577d5fee6", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in 
microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0379", "STATE": "PUBLIC", "TITLE": "Cross-site Scripting (XSS) - Stored in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.11" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/933f94b8-c5e7-4c3a-92e0-4d1577d5fee6", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/933f94b8-c5e7-4c3a-92e0-4d1577d5fee6" }, { "name": "https://github.com/microweber/microweber/commit/f017cbfbd5c4f097d2c78c5e15b6c8a9da479d7b", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/f017cbfbd5c4f097d2c78c5e15b6c8a9da479d7b" } ] }, "source": { "advisory": "933f94b8-c5e7-4c3a-92e0-4d1577d5fee6", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0379", "datePublished": "2022-01-26T15:25:10", 
"dateReserved": "2022-01-26T00:00:00", "dateUpdated": "2024-08-02T23:25:40.536Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-2495 (GCVE-0-2022-2495)
Vulnerability from cvelistv5
Published
2022-07-22 03:48
Modified
2024-08-03 00:39
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.21.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.2.21
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:39:07.744Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/00affb69-275d-4f4c-b419-437922bc7798" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/d35e691e72d358430abc8e99f5ba9eb374423b9f" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.21", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.21." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-22T03:48:29", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/00affb69-275d-4f4c-b419-437922bc7798" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/d35e691e72d358430abc8e99f5ba9eb374423b9f" } ], "source": { "advisory": "00affb69-275d-4f4c-b419-437922bc7798", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in 
microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-2495", "STATE": "PUBLIC", "TITLE": "Cross-site Scripting (XSS) - Stored in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.21" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.21." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/00affb69-275d-4f4c-b419-437922bc7798", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/00affb69-275d-4f4c-b419-437922bc7798" }, { "name": "https://github.com/microweber/microweber/commit/d35e691e72d358430abc8e99f5ba9eb374423b9f", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/d35e691e72d358430abc8e99f5ba9eb374423b9f" } ] }, "source": { "advisory": "00affb69-275d-4f4c-b419-437922bc7798", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-2495", "datePublished": "2022-07-22T03:48:29", 
"dateReserved": "2022-07-20T00:00:00", "dateUpdated": "2024-08-03T00:39:07.744Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0777 (GCVE-0-2022-0777)
Vulnerability from cvelistv5
Published
2022-03-01 08:50
Modified
2024-08-02 23:40
CWE
- CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
Summary
Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
microweber | microweber/microweber |
Version: unspecified < 1.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:40:03.925Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/b36be8cd-544f-42bd-990d-aa1a46df44d7" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/a3944cf9d1d8c41a48297ddc98302934e2511b0f" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-640", "description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-01T08:50:09", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/b36be8cd-544f-42bd-990d-aa1a46df44d7" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/a3944cf9d1d8c41a48297ddc98302934e2511b0f" } ], "source": { "advisory": "b36be8cd-544f-42bd-990d-aa1a46df44d7", "discovery": "EXTERNAL" }, "title": "Weak Password Recovery Mechanism for Forgotten Password in 
microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0777", "STATE": "PUBLIC", "TITLE": "Weak Password Recovery Mechanism for Forgotten Password in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.3" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/b36be8cd-544f-42bd-990d-aa1a46df44d7", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/b36be8cd-544f-42bd-990d-aa1a46df44d7" }, { "name": "https://github.com/microweber/microweber/commit/a3944cf9d1d8c41a48297ddc98302934e2511b0f", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/a3944cf9d1d8c41a48297ddc98302934e2511b0f" } ] }, "source": { "advisory": "b36be8cd-544f-42bd-990d-aa1a46df44d7", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0777", "datePublished": "2022-03-01T08:50:09", 
"dateReserved": "2022-02-28T00:00:00", "dateUpdated": "2024-08-02T23:40:03.925Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0721 (GCVE-0-2022-0721)
Vulnerability from cvelistv5
Published
2022-02-23 10:30
Modified
2024-08-02 23:40
CWE
- CWE-215 - Insertion of Sensitive Information Into Debugging Code
Summary
Insertion of Sensitive Information Into Debugging Code in GitHub repository microweber/microweber prior to 1.3.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
microweber | microweber/microweber |
Version: unspecified < 1.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:40:03.483Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/ae267d39-9750-4c69-be8b-4f915da089fb" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/b12e1a490c79460bff019f34b2e17112249b16ec" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Insertion of Sensitive Information Into Debugging Code in GitHub repository microweber/microweber prior to 1.3." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-215", "description": "CWE-215 Insertion of Sensitive Information Into Debugging Code", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-23T10:30:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/ae267d39-9750-4c69-be8b-4f915da089fb" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/b12e1a490c79460bff019f34b2e17112249b16ec" } ], "source": { "advisory": "ae267d39-9750-4c69-be8b-4f915da089fb", "discovery": "EXTERNAL" }, "title": "Insertion of Sensitive Information Into Debugging Code in 
microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0721", "STATE": "PUBLIC", "TITLE": "Insertion of Sensitive Information Into Debugging Code in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.3" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insertion of Sensitive Information Into Debugging Code in GitHub repository microweber/microweber prior to 1.3." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-215 Insertion of Sensitive Information Into Debugging Code" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/ae267d39-9750-4c69-be8b-4f915da089fb", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/ae267d39-9750-4c69-be8b-4f915da089fb" }, { "name": "https://github.com/microweber/microweber/commit/b12e1a490c79460bff019f34b2e17112249b16ec", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/b12e1a490c79460bff019f34b2e17112249b16ec" } ] }, "source": { "advisory": "ae267d39-9750-4c69-be8b-4f915da089fb", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0721", "datePublished": "2022-02-23T10:30:11", 
"dateReserved": "2022-02-22T00:00:00", "dateUpdated": "2024-08-02T23:40:03.483Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-1631 (GCVE-0-2022-1631)
Vulnerability from cvelistv5
Published
2022-05-09 14:10
Modified
2024-08-03 00:10
CWE
- CWE-284 - Improper Access Control
Summary
User account pre-takeover or user account takeover in GitHub repository microweber/microweber prior to 1.2.15. Because there is no email confirmation, an attacker can easily create an account in the application using the victim’s email address. This lets the attacker set up access to the victim’s account in advance (pre-takeover). Further, because the email address coming from Social Login is not properly validated and the application fails to check whether an account already exists, the victim is not made aware that an account already exists, so the attacker’s access persists. The attacker can then see all activities performed by the victim user, which impacts confidentiality, and can attempt to modify or corrupt data, which impacts integrity and availability. The attack becomes more interesting when the attacker can register an account with an employee’s email address: assuming the organization uses G-Suite, hijacking an employee’s account is much more impactful. Note: one of the references in this record is a Packet Storm entry titled for Microweber CMS 1.2.15, so check the linked fix commit to confirm which release actually contains the fix rather than relying on the "prior to 1.2.15" bound alone.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
microweber | microweber/microweber |
Version: unspecified < 1.2.15 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:10:03.695Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/5494e258-5c7b-44b4-b443-85cff7ae0ba4" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/c162dfffb9bfd264d232aaaf5bb3daee16a3cb38" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/167376/Microweber-CMS-1.2.15-Account-Takeover.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.15", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Users Account Pre-Takeover or Users Account Takeover. in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since, there is no email confirmation, an attacker can easily create an account in the application using the Victim\u2019s Email. This allows an attacker to gain pre-authentication to the victim\u2019s account. Further, due to the lack of proper validation of email coming from Social Login and failing to check if an account already exists, the victim will not identify if an account is already existing. Hence, the attacker\u2019s persistence will remain. An attacker would be able to see all the activities performed by the victim user impacting the confidentiality and attempt to modify/corrupt the data impacting the integrity and availability factor. This attack becomes more interesting when an attacker can register an account from an employee\u2019s email address. Assuming the organization uses G-Suite, it is much more impactful to hijack into an employee\u2019s account." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-03T17:06:26", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/5494e258-5c7b-44b4-b443-85cff7ae0ba4" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/c162dfffb9bfd264d232aaaf5bb3daee16a3cb38" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/167376/Microweber-CMS-1.2.15-Account-Takeover.html" } ], "source": { "advisory": "5494e258-5c7b-44b4-b443-85cff7ae0ba4", "discovery": "EXTERNAL" }, "title": "Users Account Pre-Takeover or Users Account Takeover. in microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-1631", "STATE": "PUBLIC", "TITLE": "Users Account Pre-Takeover or Users Account Takeover. in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.15" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Users Account Pre-Takeover or Users Account Takeover. in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. 
Since, there is no email confirmation, an attacker can easily create an account in the application using the Victim\u2019s Email. This allows an attacker to gain pre-authentication to the victim\u2019s account. Further, due to the lack of proper validation of email coming from Social Login and failing to check if an account already exists, the victim will not identify if an account is already existing. Hence, the attacker\u2019s persistence will remain. An attacker would be able to see all the activities performed by the victim user impacting the confidentiality and attempt to modify/corrupt the data impacting the integrity and availability factor. This attack becomes more interesting when an attacker can register an account from an employee\u2019s email address. Assuming the organization uses G-Suite, it is much more impactful to hijack into an employee\u2019s account." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-284 Improper Access Control" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/5494e258-5c7b-44b4-b443-85cff7ae0ba4", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/5494e258-5c7b-44b4-b443-85cff7ae0ba4" }, { "name": "https://github.com/microweber/microweber/commit/c162dfffb9bfd264d232aaaf5bb3daee16a3cb38", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/c162dfffb9bfd264d232aaaf5bb3daee16a3cb38" }, { "name": "http://packetstormsecurity.com/files/167376/Microweber-CMS-1.2.15-Account-Takeover.html", "refsource": "MISC", "url": 
"http://packetstormsecurity.com/files/167376/Microweber-CMS-1.2.15-Account-Takeover.html" } ] }, "source": { "advisory": "5494e258-5c7b-44b4-b443-85cff7ae0ba4", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-1631", "datePublished": "2022-05-09T14:10:10", "dateReserved": "2022-05-09T00:00:00", "dateUpdated": "2024-08-03T00:10:03.695Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-0608 (GCVE-0-2023-0608)
Vulnerability from cvelistv5
Published
2023-02-01 00:00
Modified
2025-03-26 20:18
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to 1.3.2.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
microweber | microweber/microweber |
Version: unspecified < 1.3.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:17:50.129Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/20df56615e61624f5fff149849753869e4b3b936" }, { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/02a86e0d-dff7-4e27-89d5-2f7dcd4b580c" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-0608", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-03-26T20:18:49.882235Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-26T20:18:57.400Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.3.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to 1.3.2." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-01T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://github.com/microweber/microweber/commit/20df56615e61624f5fff149849753869e4b3b936" }, { "url": "https://huntr.dev/bounties/02a86e0d-dff7-4e27-89d5-2f7dcd4b580c" } ], "source": { "advisory": "02a86e0d-dff7-4e27-89d5-2f7dcd4b580c", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - DOM in microweber/microweber" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-0608", "datePublished": "2023-02-01T00:00:00.000Z", "dateReserved": "2023-02-01T00:00:00.000Z", "dateUpdated": "2025-03-26T20:18:57.400Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0719 (GCVE-0-2022-0719)
Vulnerability from cvelistv5
Published
2022-02-23 10:15
Modified
2024-08-02 23:40
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
microweber | microweber/microweber |
Version: unspecified < 1.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:40:03.529Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/bcdce15b-7f40-4971-a061-c25c6053c312" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/a5925f74d39775771d4c37c8d4c1acbb762fda0a" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-23T10:15:11", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/bcdce15b-7f40-4971-a061-c25c6053c312" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/a5925f74d39775771d4c37c8d4c1acbb762fda0a" } ], "source": { "advisory": "bcdce15b-7f40-4971-a061-c25c6053c312", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Reflected in 
microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0719", "STATE": "PUBLIC", "TITLE": "Cross-site Scripting (XSS) - Reflected in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.3" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/bcdce15b-7f40-4971-a061-c25c6053c312", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/bcdce15b-7f40-4971-a061-c25c6053c312" }, { "name": "https://github.com/microweber/microweber/commit/a5925f74d39775771d4c37c8d4c1acbb762fda0a", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/a5925f74d39775771d4c37c8d4c1acbb762fda0a" } ] }, "source": { "advisory": "bcdce15b-7f40-4971-a061-c25c6053c312", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0719", "datePublished": "2022-02-23T10:15:12", 
"dateReserved": "2022-02-22T00:00:00", "dateUpdated": "2024-08-02T23:40:03.529Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0638 (GCVE-0-2022-0638)
Vulnerability from cvelistv5
Published
2022-02-17 16:30
Modified
2024-08-02 23:32
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
microweber | microweber/microweber |
Version: unspecified < 1.2.11 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:32:46.543Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/9d3d883c-d74c-4fe2-9978-a8e3d1ccf9f3" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/756096da1260f29ff6f4532234d93d8e41dd5aa8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-17T16:30:16", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/9d3d883c-d74c-4fe2-9978-a8e3d1ccf9f3" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/756096da1260f29ff6f4532234d93d8e41dd5aa8" } ], "source": { "advisory": "9d3d883c-d74c-4fe2-9978-a8e3d1ccf9f3", "discovery": "EXTERNAL" }, "title": "Cross-Site Request Forgery (CSRF) in microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { 
"ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0638", "STATE": "PUBLIC", "TITLE": "Cross-Site Request Forgery (CSRF) in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.11" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-352 Cross-Site Request Forgery (CSRF)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/9d3d883c-d74c-4fe2-9978-a8e3d1ccf9f3", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/9d3d883c-d74c-4fe2-9978-a8e3d1ccf9f3" }, { "name": "https://github.com/microweber/microweber/commit/756096da1260f29ff6f4532234d93d8e41dd5aa8", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/756096da1260f29ff6f4532234d93d8e41dd5aa8" } ] }, "source": { "advisory": "9d3d883c-d74c-4fe2-9978-a8e3d1ccf9f3", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0638", "datePublished": "2022-02-17T16:30:17", "dateReserved": "2022-02-16T00:00:00", "dateUpdated": "2024-08-02T23:32:46.543Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", 
"dataVersion": "5.1" }
CVE-2023-6832 (GCVE-0-2023-6832)
Vulnerability from cvelistv5
Published
2023-12-15 00:00
Modified
2024-11-27 17:05
CWE
- CWE-840 - Business Logic Errors
Summary
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | unspecified < 2.0
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:42:08.293Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/53105a20-f4b1-45ad-a734-0349de6d7376" }, { "tags": [ "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/890e9838aabbc799ebefcf6b20ba25e0fd6dbfee" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-6832", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-27T17:05:25.183229Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-27T17:05:43.688Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "2.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Business Logic Errors in GitHub repository microweber/microweber prior to 2.0." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-840", "description": "CWE-840 Business Logic Errors", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-15T00:00:34.102Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.com/bounties/53105a20-f4b1-45ad-a734-0349de6d7376" }, { "url": "https://github.com/microweber/microweber/commit/890e9838aabbc799ebefcf6b20ba25e0fd6dbfee" } ], "source": { "advisory": "53105a20-f4b1-45ad-a734-0349de6d7376", "discovery": "EXTERNAL" }, "title": "Business Logic Errors in microweber/microweber" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntr_ai", "cveId": "CVE-2023-6832", "datePublished": "2023-12-15T00:00:34.102Z", "dateReserved": "2023-12-15T00:00:12.303Z", "dateUpdated": "2024-11-27T17:05:43.688Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0505 (GCVE-0-2022-0505)
Vulnerability from cvelistv5
Published
2022-02-08 08:55
Modified
2024-08-02 23:32
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | unspecified < 1.2.11
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:32:45.619Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/65b5a243-3f0c-4df3-9bab-898332180968" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/63447b369973724f0d352a006f25af6ff71ae292" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-08T08:55:15", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/65b5a243-3f0c-4df3-9bab-898332180968" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/63447b369973724f0d352a006f25af6ff71ae292" } ], "source": { "advisory": "65b5a243-3f0c-4df3-9bab-898332180968", "discovery": "EXTERNAL" }, "title": "Cross-Site Request Forgery (CSRF) in microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { 
"ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0505", "STATE": "PUBLIC", "TITLE": "Cross-Site Request Forgery (CSRF) in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.11" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-352 Cross-Site Request Forgery (CSRF)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/65b5a243-3f0c-4df3-9bab-898332180968", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/65b5a243-3f0c-4df3-9bab-898332180968" }, { "name": "https://github.com/microweber/microweber/commit/63447b369973724f0d352a006f25af6ff71ae292", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/63447b369973724f0d352a006f25af6ff71ae292" } ] }, "source": { "advisory": "65b5a243-3f0c-4df3-9bab-898332180968", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0505", "datePublished": "2022-02-08T08:55:16", "dateReserved": "2022-02-07T00:00:00", "dateUpdated": "2024-08-02T23:32:45.619Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", 
"dataVersion": "5.1" }
CVE-2023-5861 (GCVE-0-2023-5861)
Vulnerability from cvelistv5
Published
2023-10-31 00:00
Modified
2024-09-05 17:52
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | unspecified < 2.0
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:14:24.670Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/7baecef8-6c59-42fc-bced-886c4929e220" }, { "tags": [ "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/6ed7ebf1631dd8f0780caa4151a5538f3b227d26" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-5861", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-05T17:52:21.787701Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-05T17:52:50.280Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "2.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-31T00:00:18.866Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.com/bounties/7baecef8-6c59-42fc-bced-886c4929e220" }, { "url": "https://github.com/microweber/microweber/commit/6ed7ebf1631dd8f0780caa4151a5538f3b227d26" } ], "source": { "advisory": "7baecef8-6c59-42fc-bced-886c4929e220", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in microweber/microweber" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-5861", "datePublished": "2023-10-31T00:00:18.866Z", "dateReserved": "2023-10-31T00:00:06.133Z", "dateUpdated": "2024-09-05T17:52:50.280Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0963 (GCVE-0-2022-0963)
Vulnerability from cvelistv5
Published
2022-03-15 15:30
Modified
2024-08-02 23:47
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | unspecified < 1.2.12
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:47:42.993Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/a89a4198-0880-4aa2-8439-a463f39f244c" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/975fc1d6d3fba598ee550849ceb81af23ce72e08" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-15T15:30:13", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/a89a4198-0880-4aa2-8439-a463f39f244c" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/975fc1d6d3fba598ee550849ceb81af23ce72e08" } ], "source": { "advisory": "a89a4198-0880-4aa2-8439-a463f39f244c", "discovery": "EXTERNAL" }, "title": "Unrestricted XML Files Leads to 
Stored XSS in microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0963", "STATE": "PUBLIC", "TITLE": "Unrestricted XML Files Leads to Stored XSS in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.12" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/a89a4198-0880-4aa2-8439-a463f39f244c", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/a89a4198-0880-4aa2-8439-a463f39f244c" }, { "name": "https://github.com/microweber/microweber/commit/975fc1d6d3fba598ee550849ceb81af23ce72e08", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/975fc1d6d3fba598ee550849ceb81af23ce72e08" } ] }, "source": { "advisory": "a89a4198-0880-4aa2-8439-a463f39f244c", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0963", 
"datePublished": "2022-03-15T15:30:13", "dateReserved": "2022-03-14T00:00:00", "dateUpdated": "2024-08-02T23:47:42.993Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-1881 (GCVE-0-2023-1881)
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2025-02-10 19:50
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | unspecified < 1.3.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:05:26.696Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/d5ebc2bd-8638-41c4-bf72-7c906c601344" }, { "tags": [ "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/8d039de2d615956f6df8df0bb1045ff3be88f183" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1881", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-10T19:49:59.435932Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-10T19:50:03.915Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.3.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-05T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/d5ebc2bd-8638-41c4-bf72-7c906c601344" }, { "url": "https://github.com/microweber/microweber/commit/8d039de2d615956f6df8df0bb1045ff3be88f183" } ], "source": { "advisory": "d5ebc2bd-8638-41c4-bf72-7c906c601344", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in microweber/microweber" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1881", "datePublished": "2023-04-05T00:00:00.000Z", "dateReserved": "2023-04-05T00:00:00.000Z", "dateUpdated": "2025-02-10T19:50:03.915Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0506 (GCVE-0-2022-0506)
Vulnerability from cvelistv5
Published
2022-02-08 08:55
Modified
2024-08-02 23:32
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | unspecified < 1.2.11
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:32:45.991Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/0a5ec24c-343e-4cc4-b27b-2beb19a1c35f" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/05d55f2befb1b25375ca5371875ff535d6cc5f70" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-08T08:55:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/0a5ec24c-343e-4cc4-b27b-2beb19a1c35f" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/05d55f2befb1b25375ca5371875ff535d6cc5f70" } ], "source": { "advisory": "0a5ec24c-343e-4cc4-b27b-2beb19a1c35f", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in 
microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0506", "STATE": "PUBLIC", "TITLE": "Cross-site Scripting (XSS) - Stored in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.11" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/0a5ec24c-343e-4cc4-b27b-2beb19a1c35f", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/0a5ec24c-343e-4cc4-b27b-2beb19a1c35f" }, { "name": "https://github.com/microweber/microweber/commit/05d55f2befb1b25375ca5371875ff535d6cc5f70", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/05d55f2befb1b25375ca5371875ff535d6cc5f70" } ] }, "source": { "advisory": "0a5ec24c-343e-4cc4-b27b-2beb19a1c35f", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0506", "datePublished": "2022-02-08T08:55:10", "dateReserved": 
"2022-02-07T00:00:00", "dateUpdated": "2024-08-02T23:32:45.991Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-2239 (GCVE-0-2023-2239)
Vulnerability from cvelistv5
Published
2023-04-22 00:00
Modified
2025-02-04 19:35
CWE
- CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
Summary
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to 1.3.4.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | unspecified < 1.3.4
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:19:13.601Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/edeff16b-fc71-4e26-8d2d-dfe7bb5e7868" }, { "tags": [ "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/b0644cb3411b36b6ccc2ff7cdf7af3fa49525baa" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-2239", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-04T19:35:13.371766Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-04T19:35:15.980Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.3.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to 1.3.4." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-359", "description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-22T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/edeff16b-fc71-4e26-8d2d-dfe7bb5e7868" }, { "url": "https://github.com/microweber/microweber/commit/b0644cb3411b36b6ccc2ff7cdf7af3fa49525baa" } ], "source": { "advisory": "edeff16b-fc71-4e26-8d2d-dfe7bb5e7868", "discovery": "EXTERNAL" }, "title": "Exposure of Private Personal Information to an Unauthorized Actor in microweber/microweber" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-2239", "datePublished": "2023-04-22T00:00:00.000Z", "dateReserved": "2023-04-22T00:00:00.000Z", "dateUpdated": "2025-02-04T19:35:15.980Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0560 (GCVE-0-2022-0560)
Vulnerability from cvelistv5
Published
2022-02-11 12:55
Modified
2024-08-02 23:32
CWE
- CWE-601 - URL Redirection to Untrusted Site
Summary
Open Redirect in Packagist microweber/microweber prior to 1.2.11.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | unspecified < 1.2.11
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:32:46.349Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/c9d586e7-0fa1-47ab-a2b3-b890e8dc9b25" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/72d4b12cc487f56a859a8570ada4efb77b4b8c63" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Open Redirect in Packagist microweber/microweber prior to 1.2.11." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-11T12:55:11", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/c9d586e7-0fa1-47ab-a2b3-b890e8dc9b25" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/72d4b12cc487f56a859a8570ada4efb77b4b8c63" } ], "source": { "advisory": "c9d586e7-0fa1-47ab-a2b3-b890e8dc9b25", "discovery": "EXTERNAL" }, "title": "Open Redirect in microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": 
"CVE-2022-0560", "STATE": "PUBLIC", "TITLE": "Open Redirect in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.11" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Open Redirect in Packagist microweber/microweber prior to 1.2.11." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-601 URL Redirection to Untrusted Site" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/c9d586e7-0fa1-47ab-a2b3-b890e8dc9b25", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/c9d586e7-0fa1-47ab-a2b3-b890e8dc9b25" }, { "name": "https://github.com/microweber/microweber/commit/72d4b12cc487f56a859a8570ada4efb77b4b8c63", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/72d4b12cc487f56a859a8570ada4efb77b4b8c63" } ] }, "source": { "advisory": "c9d586e7-0fa1-47ab-a2b3-b890e8dc9b25", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0560", "datePublished": "2022-02-11T12:55:11", "dateReserved": "2022-02-10T00:00:00", "dateUpdated": "2024-08-02T23:32:46.349Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0929 (GCVE-0-2022-0929)
Vulnerability from cvelistv5
Published
2022-03-12 10:40
Modified
2024-08-02 23:47
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | unspecified < 1.2.11
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:47:42.868Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/66abf7ec-2dd7-4cb7-87f5-e91375883f03" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/de6d17b52d261902653fbdd2ecefcaac82e54256" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-12T10:40:09", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/66abf7ec-2dd7-4cb7-87f5-e91375883f03" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/de6d17b52d261902653fbdd2ecefcaac82e54256" } ], "source": { "advisory": "66abf7ec-2dd7-4cb7-87f5-e91375883f03", "discovery": "EXTERNAL" }, "title": "XSS on dynamic_text module in 
microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0929", "STATE": "PUBLIC", "TITLE": "XSS on dynamic_text module in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.11" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/66abf7ec-2dd7-4cb7-87f5-e91375883f03", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/66abf7ec-2dd7-4cb7-87f5-e91375883f03" }, { "name": "https://github.com/microweber/microweber/commit/de6d17b52d261902653fbdd2ecefcaac82e54256", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/de6d17b52d261902653fbdd2ecefcaac82e54256" } ] }, "source": { "advisory": "66abf7ec-2dd7-4cb7-87f5-e91375883f03", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0929", "datePublished": "2022-03-12T10:40:09", "dateReserved": 
"2022-03-11T00:00:00", "dateUpdated": "2024-08-02T23:47:42.868Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0281 (GCVE-0-2022-0281)
Vulnerability from cvelistv5
Published
2022-01-20 11:10
Modified
2024-08-02 23:25
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior to 1.2.11.
References
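URL | Tags
---|---
https://github.com/microweber/microweber/commit/e680e134a4215c979bfd2eaf58336be34c8fc6e6 | x_refsource_MISC
https://huntr.dev/bounties/315f5ac6-1b5e-4444-ad8f-802371da3505 | x_refsource_CONFIRM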
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.2.11
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:25:39.785Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/e680e134a4215c979bfd2eaf58336be34c8fc6e6" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/315f5ac6-1b5e-4444-ad8f-802371da3505" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior to 1.2.11." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-20T11:10:11", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/e680e134a4215c979bfd2eaf58336be34c8fc6e6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/315f5ac6-1b5e-4444-ad8f-802371da3505" } ], "source": { "advisory": "315f5ac6-1b5e-4444-ad8f-802371da3505", "discovery": "EXTERNAL" }, "title": "Exposure of Sensitive Information to an Unauthorized Actor in 
microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0281", "STATE": "PUBLIC", "TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.11" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior to 1.2.11." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/microweber/microweber/commit/e680e134a4215c979bfd2eaf58336be34c8fc6e6", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/e680e134a4215c979bfd2eaf58336be34c8fc6e6" }, { "name": "https://huntr.dev/bounties/315f5ac6-1b5e-4444-ad8f-802371da3505", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/315f5ac6-1b5e-4444-ad8f-802371da3505" } ] }, "source": { "advisory": "315f5ac6-1b5e-4444-ad8f-802371da3505", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0281", "datePublished": "2022-01-20T11:10:11", 
"dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2024-08-02T23:25:39.785Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-5244 (GCVE-0-2023-5244)
Vulnerability from cvelistv5
Published
2023-09-28 00:00
Modified
2024-09-23 19:10
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0.
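References
- https://huntr.dev/bounties/a3bd58ba-ca59-4cba-85d1-799f73a76470
- https://github.com/microweber/microweber/commit/1cb846f8f54ff6f5c668f3ae64dd81740a7e8968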
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 2.0
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:52:08.579Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/a3bd58ba-ca59-4cba-85d1-799f73a76470" }, { "tags": [ "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/1cb846f8f54ff6f5c668f3ae64dd81740a7e8968" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-5244", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-23T19:10:08.190981Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-23T19:10:18.839Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "2.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-28T00:00:18.652Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/a3bd58ba-ca59-4cba-85d1-799f73a76470" }, { "url": "https://github.com/microweber/microweber/commit/1cb846f8f54ff6f5c668f3ae64dd81740a7e8968" } ], "source": { "advisory": "a3bd58ba-ca59-4cba-85d1-799f73a76470", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Reflected in microweber/microweber" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-5244", "datePublished": "2023-09-28T00:00:18.652Z", "dateReserved": "2023-09-28T00:00:06.091Z", "dateUpdated": "2024-09-23T19:10:18.839Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0558 (GCVE-0-2022-0558)
Vulnerability from cvelistv5
Published
2022-02-10 09:40
Modified
2024-08-02 23:32
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
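Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11. The score in this record is assigned by the CNA (@huntrdev): 9.8 CRITICAL, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. That is unusually high for stored XSS, which normally requires a victim to load the affected page, so check the preconditions in the linked fix commit before prioritising on the score alone.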
References
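URL | Tags
---|---
https://huntr.dev/bounties/8fffc95f-14ae-457b-aecc-be4716a8b91c | x_refsource_CONFIRM
https://github.com/microweber/microweber/commit/14a1bb971bcb8b5456c2bf0020c3018907a2704d | x_refsource_MISC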
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.2.11
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:32:46.187Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/8fffc95f-14ae-457b-aecc-be4716a8b91c" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/14a1bb971bcb8b5456c2bf0020c3018907a2704d" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-10T09:40:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/8fffc95f-14ae-457b-aecc-be4716a8b91c" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/14a1bb971bcb8b5456c2bf0020c3018907a2704d" } ], "source": { "advisory": "8fffc95f-14ae-457b-aecc-be4716a8b91c", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in 
microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0558", "STATE": "PUBLIC", "TITLE": "Cross-site Scripting (XSS) - Stored in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.11" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/8fffc95f-14ae-457b-aecc-be4716a8b91c", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/8fffc95f-14ae-457b-aecc-be4716a8b91c" }, { "name": "https://github.com/microweber/microweber/commit/14a1bb971bcb8b5456c2bf0020c3018907a2704d", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/14a1bb971bcb8b5456c2bf0020c3018907a2704d" } ] }, "source": { "advisory": "8fffc95f-14ae-457b-aecc-be4716a8b91c", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0558", "datePublished": "2022-02-10T09:40:10", 
"dateReserved": "2022-02-10T00:00:00", "dateUpdated": "2024-08-02T23:32:46.187Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-3245 (GCVE-0-2022-3245)
Vulnerability from cvelistv5
Published
2022-09-20 13:15
Modified
2025-05-27 18:08
CWE
- CWE-94 - Improper Control of Generation of Code
Summary
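HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input. The record itself titles the issue "Code Injection in display of tag title on saving tags in microweber/microweber" and lists versions prior to 1.3.2 as affected.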
References
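URL | Tags
---|---
https://huntr.dev/bounties/747c2924-95ca-4311-9e69-58ee0fb440a0 | x_refsource_CONFIRM
https://github.com/microweber/microweber/commit/f20abf30a1d9c1426c5fb757ac63998dc5b92bfc | x_refsource_MISC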
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.3.2
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:07:06.031Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/747c2924-95ca-4311-9e69-58ee0fb440a0" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/f20abf30a1d9c1426c5fb757ac63998dc5b92bfc" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-3245", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-05-27T18:08:10.041956Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-27T18:08:26.195Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.3.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-20T13:15:19.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/747c2924-95ca-4311-9e69-58ee0fb440a0" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/f20abf30a1d9c1426c5fb757ac63998dc5b92bfc" } ], "source": { "advisory": "747c2924-95ca-4311-9e69-58ee0fb440a0", "discovery": "EXTERNAL" }, "title": " Code Injection in display of tag title on saving tags in microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-3245", "STATE": "PUBLIC", "TITLE": " Code Injection in display of tag title on saving tags in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.3.2" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input." 
} ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-94 Improper Control of Generation of Code" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/747c2924-95ca-4311-9e69-58ee0fb440a0", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/747c2924-95ca-4311-9e69-58ee0fb440a0" }, { "name": "https://github.com/microweber/microweber/commit/f20abf30a1d9c1426c5fb757ac63998dc5b92bfc", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/f20abf30a1d9c1426c5fb757ac63998dc5b92bfc" } ] }, "source": { "advisory": "747c2924-95ca-4311-9e69-58ee0fb440a0", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-3245", "datePublished": "2022-09-20T13:15:20.000Z", "dateReserved": "2022-09-20T00:00:00.000Z", "dateUpdated": "2025-05-27T18:08:26.195Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0678 (GCVE-0-2022-0678)
Vulnerability from cvelistv5
Published
2022-02-19 10:50
Modified
2024-08-02 23:40
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.
References
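URL | Tags
---|---
https://huntr.dev/bounties/d707137a-aace-44c5-b15c-1807035716c0 | x_refsource_CONFIRM
https://github.com/microweber/microweber/commit/2b8fa5aac31e51e2aca83c7ef5d1281ba2e755f8 | x_refsource_MISC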
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.2.11
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:40:03.171Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/d707137a-aace-44c5-b15c-1807035716c0" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/2b8fa5aac31e51e2aca83c7ef5d1281ba2e755f8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-19T10:50:09", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/d707137a-aace-44c5-b15c-1807035716c0" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/2b8fa5aac31e51e2aca83c7ef5d1281ba2e755f8" } ], "source": { "advisory": "d707137a-aace-44c5-b15c-1807035716c0", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Reflected in 
microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0678", "STATE": "PUBLIC", "TITLE": "Cross-site Scripting (XSS) - Reflected in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.11" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/d707137a-aace-44c5-b15c-1807035716c0", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/d707137a-aace-44c5-b15c-1807035716c0" }, { "name": "https://github.com/microweber/microweber/commit/2b8fa5aac31e51e2aca83c7ef5d1281ba2e755f8", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/2b8fa5aac31e51e2aca83c7ef5d1281ba2e755f8" } ] }, "source": { "advisory": "d707137a-aace-44c5-b15c-1807035716c0", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0678", "datePublished": "2022-02-19T10:50:09", 
"dateReserved": "2022-02-18T00:00:00", "dateUpdated": "2024-08-02T23:40:03.171Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-1081 (GCVE-0-2023-1081)
Vulnerability from cvelistv5
Published
2023-02-28 00:00
Modified
2024-08-02 05:32
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.
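References
- https://huntr.dev/bounties/cf59deed-9d43-4552-acfd-43f38f3aabba
- https://github.com/microweber/microweber/commit/29d418461d8407688f2720e7b4be915e03fc16c1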
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.3.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:32:46.386Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/cf59deed-9d43-4552-acfd-43f38f3aabba" }, { "tags": [ "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/29d418461d8407688f2720e7b4be915e03fc16c1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.3.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-28T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/cf59deed-9d43-4552-acfd-43f38f3aabba" }, { "url": "https://github.com/microweber/microweber/commit/29d418461d8407688f2720e7b4be915e03fc16c1" } ], "source": { "advisory": "cf59deed-9d43-4552-acfd-43f38f3aabba", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in microweber/microweber" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", 
"assignerShortName": "@huntrdev", "cveId": "CVE-2023-1081", "datePublished": "2023-02-28T00:00:00", "dateReserved": "2023-02-28T00:00:00", "dateUpdated": "2024-08-02T05:32:46.386Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-2368 (GCVE-0-2022-2368)
Vulnerability from cvelistv5
Published
2022-07-11 08:00
Modified
2024-08-03 00:32
CWE
- CWE-290 - Authentication Bypass by Spoofing
Summary
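Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20. The embedded legacy v4 record still carries the earlier classification, "Business Logic Errors" (CWE-840), so match on both CWE-290 and CWE-840 when correlating this CVE across feeds.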
References
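URL | Tags
---|---
https://huntr.dev/bounties/a9595eda-a5e0-4717-8d64-b445ef83f452 | x_refsource_CONFIRM
https://github.com/microweber/microweber/commit/53c000ccd5602536e28b15d9630eb8261b04a302 | x_refsource_MISC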
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.2.20
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:32:09.607Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/a9595eda-a5e0-4717-8d64-b445ef83f452" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/53c000ccd5602536e28b15d9630eb8261b04a302" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.20", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eAuthentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20.\u003c/p\u003e" } ], "value": "Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-290", "description": "CWE-290 Authentication Bypass by Spoofing", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-10T07:49:59.122Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/a9595eda-a5e0-4717-8d64-b445ef83f452" }, { "tags": [ "x_refsource_MISC" ], 
"url": "https://github.com/microweber/microweber/commit/53c000ccd5602536e28b15d9630eb8261b04a302" } ], "source": { "advisory": "a9595eda-a5e0-4717-8d64-b445ef83f452", "discovery": "EXTERNAL" }, "title": "Authentication Bypass by Spoofing in microweber/microweber", "x_generator": { "engine": "Vulnogram 0.1.0-dev" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-2368", "STATE": "PUBLIC", "TITLE": "Business Logic Errors in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.20" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Business Logic Errors in GitHub repository microweber/microweber prior to 1.2.20." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-840 Business Logic Errors" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/a9595eda-a5e0-4717-8d64-b445ef83f452", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/a9595eda-a5e0-4717-8d64-b445ef83f452" }, { "name": "https://github.com/microweber/microweber/commit/53c000ccd5602536e28b15d9630eb8261b04a302", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/53c000ccd5602536e28b15d9630eb8261b04a302" } ] }, "source": { "advisory": "a9595eda-a5e0-4717-8d64-b445ef83f452", "discovery": 
"EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-2368", "datePublished": "2022-07-11T08:00:13", "dateReserved": "2022-07-11T00:00:00", "dateUpdated": "2024-08-03T00:32:09.607Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-6566 (GCVE-0-2023-6566)
Vulnerability from cvelistv5
Published
2023-12-07 00:00
Modified
2024-08-02 08:35
CWE
- CWE-840 - Business Logic Errors
Summary
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 2.0
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:35:14.827Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/cf4b68b5-8d97-4d05-9cde-e76b1a414fd6" }, { "tags": [ "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/eee0c6771e152022a91089a547272c8a542bb74e" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "2.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Business Logic Errors in GitHub repository microweber/microweber prior to 2.0." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-840", "description": "CWE-840 Business Logic Errors", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-07T00:00:32.767Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.com/bounties/cf4b68b5-8d97-4d05-9cde-e76b1a414fd6" }, { "url": "https://github.com/microweber/microweber/commit/eee0c6771e152022a91089a547272c8a542bb74e" } ], "source": { "advisory": "cf4b68b5-8d97-4d05-9cde-e76b1a414fd6", "discovery": "EXTERNAL" }, "title": "Business Logic Errors in microweber/microweber" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntr_ai", "cveId": "CVE-2023-6566", "datePublished": "2023-12-07T00:00:32.767Z", 
"dateReserved": "2023-12-07T00:00:11.565Z", "dateUpdated": "2024-08-02T08:35:14.827Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0504 (GCVE-0-2022-0504)
Vulnerability from cvelistv5
Published
2022-02-08 08:55
Modified
2024-08-02 23:32
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Summary
Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.2.11
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:32:45.883Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/285ff8a0-a273-4d62-ba01-3e4b4e18467b" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/e607e5f745cd99d5c06a7fce16b3577fab8e1250" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-08T08:55:21", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/285ff8a0-a273-4d62-ba01-3e4b4e18467b" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/e607e5f745cd99d5c06a7fce16b3577fab8e1250" } ], "source": { "advisory": "285ff8a0-a273-4d62-ba01-3e4b4e18467b", "discovery": "EXTERNAL" }, "title": "Generation of Error Message Containing Sensitive 
Information in microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0504", "STATE": "PUBLIC", "TITLE": "Generation of Error Message Containing Sensitive Information in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.11" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-209 Generation of Error Message Containing Sensitive Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/285ff8a0-a273-4d62-ba01-3e4b4e18467b", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/285ff8a0-a273-4d62-ba01-3e4b4e18467b" }, { "name": "https://github.com/microweber/microweber/commit/e607e5f745cd99d5c06a7fce16b3577fab8e1250", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/e607e5f745cd99d5c06a7fce16b3577fab8e1250" } ] }, "source": { "advisory": "285ff8a0-a273-4d62-ba01-3e4b4e18467b", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0504", "datePublished": 
"2022-02-08T08:55:21", "dateReserved": "2022-02-07T00:00:00", "dateUpdated": "2024-08-02T23:32:45.883Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-2240 (GCVE-0-2023-2240)
Vulnerability from cvelistv5
Published
2023-04-22 00:00
Modified
2025-02-04 19:34
CWE
- CWE-269 - Improper Privilege Management
Summary
Improper Privilege Management in GitHub repository microweber/microweber prior to 1.3.4.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.3.4
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:19:13.598Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/8f595559-7b4b-4b00-954c-7a627766e203" }, { "tags": [ "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/f43d5b767ad5814fc5f84bbaf0b77996262f3a4b" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-2240", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-04T19:34:06.985291Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-04T19:34:15.790Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.3.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper Privilege Management in GitHub repository microweber/microweber prior to 1.3.4." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-22T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/8f595559-7b4b-4b00-954c-7a627766e203" }, { "url": "https://github.com/microweber/microweber/commit/f43d5b767ad5814fc5f84bbaf0b77996262f3a4b" } ], "source": { "advisory": "8f595559-7b4b-4b00-954c-7a627766e203", "discovery": "EXTERNAL" }, "title": "Improper Privilege Management in microweber/microweber" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-2240", "datePublished": "2023-04-22T00:00:00.000Z", "dateReserved": "2023-04-22T00:00:00.000Z", "dateUpdated": "2025-02-04T19:34:15.790Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0282 (GCVE-0-2022-0282)
Vulnerability from cvelistv5
Published
2022-01-20 11:15
Modified
2024-08-02 23:25
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting in Packagist microweber/microweber prior to 1.2.11.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.2.11
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:25:39.522Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/8815b642-bd9b-4737-951b-bde7319faedd" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/51b5a4e3ef01e587797c0109159a8ad9d2bac77a" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eCross-site Scripting in Packagist microweber/microweber prior to 1.2.11.\u003c/p\u003e" } ], "value": "Cross-site Scripting in Packagist microweber/microweber prior to 1.2.11.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-02T08:50:26.733Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/8815b642-bd9b-4737-951b-bde7319faedd" }, { "tags": 
[ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/51b5a4e3ef01e587797c0109159a8ad9d2bac77a" } ], "source": { "advisory": "8815b642-bd9b-4737-951b-bde7319faedd", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting in microweber/microweber", "x_generator": { "engine": "Vulnogram 0.1.0-dev" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0282", "STATE": "PUBLIC", "TITLE": " Code Injection in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.11" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Code Injection in Packagist microweber/microweber prior to 1.2.11." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-94 Improper Control of Generation of Code" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/8815b642-bd9b-4737-951b-bde7319faedd", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/8815b642-bd9b-4737-951b-bde7319faedd" }, { "name": "https://github.com/microweber/microweber/commit/51b5a4e3ef01e587797c0109159a8ad9d2bac77a", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/51b5a4e3ef01e587797c0109159a8ad9d2bac77a" } ] }, "source": { "advisory": "8815b642-bd9b-4737-951b-bde7319faedd", 
"discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0282", "datePublished": "2022-01-20T11:15:11", "dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2024-08-02T23:25:39.522Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-2300 (GCVE-0-2022-2300)
Vulnerability from cvelistv5
Published
2022-07-04 10:35
Modified
2024-08-03 00:32
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.2.19
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:32:09.400Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/882d6cf9-64f5-4614-a873-a3030473c817" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/70b46e231e7b2c113666745a0ab6de9a8b7ef08e" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.19", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-04T10:35:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/882d6cf9-64f5-4614-a873-a3030473c817" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/70b46e231e7b2c113666745a0ab6de9a8b7ef08e" } ], "source": { "advisory": "882d6cf9-64f5-4614-a873-a3030473c817", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in 
microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-2300", "STATE": "PUBLIC", "TITLE": "Cross-site Scripting (XSS) - Stored in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.19" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/882d6cf9-64f5-4614-a873-a3030473c817", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/882d6cf9-64f5-4614-a873-a3030473c817" }, { "name": "https://github.com/microweber/microweber/commit/70b46e231e7b2c113666745a0ab6de9a8b7ef08e", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/70b46e231e7b2c113666745a0ab6de9a8b7ef08e" } ] }, "source": { "advisory": "882d6cf9-64f5-4614-a873-a3030473c817", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-2300", "datePublished": "2022-07-04T10:35:10", 
"dateReserved": "2022-07-04T00:00:00", "dateUpdated": "2024-08-03T00:32:09.400Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-2130 (GCVE-0-2022-2130)
Vulnerability from cvelistv5
Published
2022-06-20 08:45
Modified
2024-08-03 00:24
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.2.17
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:24:44.324Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/0142970a-5cb8-4dba-8bbc-4fa2f3bee65c" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/dbd37dda91911360db23269897c737e0abae2c24" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.17", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-20T08:45:15", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/0142970a-5cb8-4dba-8bbc-4fa2f3bee65c" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/dbd37dda91911360db23269897c737e0abae2c24" } ], "source": { "advisory": "0142970a-5cb8-4dba-8bbc-4fa2f3bee65c", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Reflected in 
microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-2130", "STATE": "PUBLIC", "TITLE": "Cross-site Scripting (XSS) - Reflected in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.17" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/0142970a-5cb8-4dba-8bbc-4fa2f3bee65c", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/0142970a-5cb8-4dba-8bbc-4fa2f3bee65c" }, { "name": "https://github.com/microweber/microweber/commit/dbd37dda91911360db23269897c737e0abae2c24", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/dbd37dda91911360db23269897c737e0abae2c24" } ] }, "source": { "advisory": "0142970a-5cb8-4dba-8bbc-4fa2f3bee65c", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-2130", "datePublished": "2022-06-20T08:45:15", 
"dateReserved": "2022-06-20T00:00:00", "dateUpdated": "2024-08-03T00:24:44.324Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0912 (GCVE-0-2022-0912)
Vulnerability from cvelistv5
Published
2022-03-11 09:11
Modified
2024-08-02 23:47
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Summary
Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.2.11
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:47:42.838Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/ae5bb359-7e53-498b-848e-540c05b44c54" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/24245297231f5dc88bb3a2b20d0e4e25b0ebc789" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-11T09:11:05", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/ae5bb359-7e53-498b-848e-540c05b44c54" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/24245297231f5dc88bb3a2b20d0e4e25b0ebc789" } ], "source": { "advisory": "ae5bb359-7e53-498b-848e-540c05b44c54", "discovery": "EXTERNAL" }, "title": "Unrestricted Upload of File with Dangerous Type in microweber/microweber", 
"x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0912", "STATE": "PUBLIC", "TITLE": "Unrestricted Upload of File with Dangerous Type in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.11" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-434 Unrestricted Upload of File with Dangerous Type" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/ae5bb359-7e53-498b-848e-540c05b44c54", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/ae5bb359-7e53-498b-848e-540c05b44c54" }, { "name": "https://github.com/microweber/microweber/commit/24245297231f5dc88bb3a2b20d0e4e25b0ebc789", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/24245297231f5dc88bb3a2b20d0e4e25b0ebc789" } ] }, "source": { "advisory": "ae5bb359-7e53-498b-848e-540c05b44c54", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0912", "datePublished": "2022-03-11T09:11:05", "dateReserved": "2022-03-10T00:00:00", 
"dateUpdated": "2024-08-02T23:47:42.838Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-1555 (GCVE-0-2022-1555)
Vulnerability from cvelistv5
Published
2022-05-04 08:30
Modified
2024-08-03 00:10
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. Impact: an attacker can inject arbitrary JavaScript code, deface the website, steal cookies, and so on.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.2.16
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:10:03.519Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/d9f9b5bd-16f3-4eaa-9e36-d4958b557687" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/724e2d186a33c0c27273107dc4f160a09384877f" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.16", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. inject arbitrary js code, deface website, steal cookie..." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-04T08:30:11", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/d9f9b5bd-16f3-4eaa-9e36-d4958b557687" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/724e2d186a33c0c27273107dc4f160a09384877f" } ], "source": { "advisory": "d9f9b5bd-16f3-4eaa-9e36-d4958b557687", "discovery": 
"EXTERNAL" }, "title": "DOM XSS in microweber ver 1.2.15 in microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-1555", "STATE": "PUBLIC", "TITLE": "DOM XSS in microweber ver 1.2.15 in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.16" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. inject arbitrary js code, deface website, steal cookie..." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/d9f9b5bd-16f3-4eaa-9e36-d4958b557687", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/d9f9b5bd-16f3-4eaa-9e36-d4958b557687" }, { "name": "https://github.com/microweber/microweber/commit/724e2d186a33c0c27273107dc4f160a09384877f", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/724e2d186a33c0c27273107dc4f160a09384877f" } ] }, "source": { "advisory": "d9f9b5bd-16f3-4eaa-9e36-d4958b557687", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": 
"c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-1555", "datePublished": "2022-05-04T08:30:12", "dateReserved": "2022-05-03T00:00:00", "dateUpdated": "2024-08-03T00:10:03.519Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0762 (GCVE-0-2022-0762)
Vulnerability from cvelistv5
Published
2022-02-26 09:35
Modified
2024-08-02 23:40
CWE
- CWE-863 - Incorrect Authorization
Summary
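Incorrect Authorization in GitHub repository microweber/microweber prior to 1.3. Note that the legacy v4 block embedded in this record still carries the earlier title and classification, CWE-840 (Business Logic Errors), with a CVSS 3.0 vector, while the CNA container uses CWE-863 and CVSS 3.1; consumers that read the legacy block may therefore see a different CWE.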
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:40:03.773Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/125b5244-5099-485e-bf75-e5f1ed80dd48" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/76361264d9fdfff38a1af79c63141455cc4d36e3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eIncorrect Authorization in GitHub repository microweber/microweber prior to 1.3.\u003c/p\u003e" } ], "value": "Incorrect Authorization in GitHub repository microweber/microweber prior to 1.3.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-02T08:43:32.038Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/125b5244-5099-485e-bf75-e5f1ed80dd48" }, { "tags": [ "x_refsource_MISC" ], "url": 
"https://github.com/microweber/microweber/commit/76361264d9fdfff38a1af79c63141455cc4d36e3" } ], "source": { "advisory": "125b5244-5099-485e-bf75-e5f1ed80dd48", "discovery": "EXTERNAL" }, "title": "Incorrect Authorization in microweber/microweber", "x_generator": { "engine": "Vulnogram 0.1.0-dev" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0762", "STATE": "PUBLIC", "TITLE": "Business Logic Errors in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.3" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Business Logic Errors in GitHub repository microweber/microweber prior to 1.3." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-840 Business Logic Errors" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/125b5244-5099-485e-bf75-e5f1ed80dd48", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/125b5244-5099-485e-bf75-e5f1ed80dd48" }, { "name": "https://github.com/microweber/microweber/commit/76361264d9fdfff38a1af79c63141455cc4d36e3", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/76361264d9fdfff38a1af79c63141455cc4d36e3" } ] }, "source": { "advisory": "125b5244-5099-485e-bf75-e5f1ed80dd48", "discovery": "EXTERNAL" } } } }, 
"cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0762", "datePublished": "2022-02-26T09:35:11", "dateReserved": "2022-02-25T00:00:00", "dateUpdated": "2024-08-02T23:40:03.773Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0913 (GCVE-0-2022-0913)
Vulnerability from cvelistv5
Published
2022-03-11 09:10
Modified
2024-08-02 23:47
CWE
- CWE-190 - Integer Overflow or Wraparound
Summary
Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to 1.3.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:47:42.130Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/f5f3e468-663b-4df0-8340-a2d77e4cc75f" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/7559e141d0707f8eeff2f9aeaa5a0ca2e3fe6583" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to 1.3." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-11T09:10:58", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/f5f3e468-663b-4df0-8340-a2d77e4cc75f" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/7559e141d0707f8eeff2f9aeaa5a0ca2e3fe6583" } ], "source": { "advisory": "f5f3e468-663b-4df0-8340-a2d77e4cc75f", "discovery": "EXTERNAL" }, "title": "Integer Overflow or Wraparound in microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": 
"security@huntr.dev", "ID": "CVE-2022-0913", "STATE": "PUBLIC", "TITLE": "Integer Overflow or Wraparound in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.3" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to 1.3." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-190 Integer Overflow or Wraparound" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/f5f3e468-663b-4df0-8340-a2d77e4cc75f", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/f5f3e468-663b-4df0-8340-a2d77e4cc75f" }, { "name": "https://github.com/microweber/microweber/commit/7559e141d0707f8eeff2f9aeaa5a0ca2e3fe6583", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/7559e141d0707f8eeff2f9aeaa5a0ca2e3fe6583" } ] }, "source": { "advisory": "f5f3e468-663b-4df0-8340-a2d77e4cc75f", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0913", "datePublished": "2022-03-11T09:10:58", "dateReserved": "2022-03-10T00:00:00", "dateUpdated": "2024-08-02T23:47:42.130Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-2280 (GCVE-0-2022-2280)
Vulnerability from cvelistv5
Published
2022-07-01 08:15
Modified
2024-08-03 00:32
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.2.19
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:32:09.569Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/22561bfd-a28f-474e-9bfd-7263c1b71133" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/9ebbb4dd35da74025ab6965f722829a7f8f86566" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.19", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-01T08:15:14", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/22561bfd-a28f-474e-9bfd-7263c1b71133" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/9ebbb4dd35da74025ab6965f722829a7f8f86566" } ], "source": { "advisory": "22561bfd-a28f-474e-9bfd-7263c1b71133", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in 
microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-2280", "STATE": "PUBLIC", "TITLE": "Cross-site Scripting (XSS) - Stored in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.19" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/22561bfd-a28f-474e-9bfd-7263c1b71133", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/22561bfd-a28f-474e-9bfd-7263c1b71133" }, { "name": "https://github.com/microweber/microweber/commit/9ebbb4dd35da74025ab6965f722829a7f8f86566", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/9ebbb4dd35da74025ab6965f722829a7f8f86566" } ] }, "source": { "advisory": "22561bfd-a28f-474e-9bfd-7263c1b71133", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-2280", "datePublished": "2022-07-01T08:15:14", 
"dateReserved": "2022-07-01T00:00:00", "dateUpdated": "2024-08-03T00:32:09.569Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0689 (GCVE-0-2022-0689)
Vulnerability from cvelistv5
Published
2022-02-19 15:45
Modified
2024-08-02 23:40
CWE
- CWE-840 - Business Logic Errors
Summary
A one-time coupon can be used multiple times in Packagist microweber/microweber prior to 1.2.11.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.2.11
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:40:03.387Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/fa5dbbd3-97fe-41a9-8797-2e54d9a9c649" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/c3c25ae6c421bb4a65df9e0035edcc2f75594a04" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Use multiple time the one-time coupon in Packagist microweber/microweber prior to 1.2.11." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-840", "description": "CWE-840 Business Logic Errors", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-19T15:45:09", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/fa5dbbd3-97fe-41a9-8797-2e54d9a9c649" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/c3c25ae6c421bb4a65df9e0035edcc2f75594a04" } ], "source": { "advisory": "fa5dbbd3-97fe-41a9-8797-2e54d9a9c649", "discovery": "EXTERNAL" }, "title": "Use multiple time the one-time coupon in microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": 
"security@huntr.dev", "ID": "CVE-2022-0689", "STATE": "PUBLIC", "TITLE": "Use multiple time the one-time coupon in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.11" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Use multiple time the one-time coupon in Packagist microweber/microweber prior to 1.2.11." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-840 Business Logic Errors" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/fa5dbbd3-97fe-41a9-8797-2e54d9a9c649", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/fa5dbbd3-97fe-41a9-8797-2e54d9a9c649" }, { "name": "https://github.com/microweber/microweber/commit/c3c25ae6c421bb4a65df9e0035edcc2f75594a04", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/c3c25ae6c421bb4a65df9e0035edcc2f75594a04" } ] }, "source": { "advisory": "fa5dbbd3-97fe-41a9-8797-2e54d9a9c649", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0689", "datePublished": "2022-02-19T15:45:10", "dateReserved": "2022-02-19T00:00:00", "dateUpdated": "2024-08-02T23:40:03.387Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0926 (GCVE-0-2022-0926)
Vulnerability from cvelistv5
Published
2022-03-12 10:05
Modified
2024-08-02 23:47
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.2.12
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:47:42.691Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/dc5d1555-0108-4627-b542-93352f35fa17" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/89200cfcc2cfefe5554721e7fa3cf52f6a2a9120" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-12T10:05:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/dc5d1555-0108-4627-b542-93352f35fa17" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/89200cfcc2cfefe5554721e7fa3cf52f6a2a9120" } ], "source": { "advisory": "dc5d1555-0108-4627-b542-93352f35fa17", "discovery": "EXTERNAL" }, "title": "File upload filter bypass 
leading to stored XSS in microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0926", "STATE": "PUBLIC", "TITLE": "File upload filter bypass leading to stored XSS in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.12" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/dc5d1555-0108-4627-b542-93352f35fa17", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/dc5d1555-0108-4627-b542-93352f35fa17" }, { "name": "https://github.com/microweber/microweber/commit/89200cfcc2cfefe5554721e7fa3cf52f6a2a9120", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/89200cfcc2cfefe5554721e7fa3cf52f6a2a9120" } ] }, "source": { "advisory": "dc5d1555-0108-4627-b542-93352f35fa17", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": 
"CVE-2022-0926", "datePublished": "2022-03-12T10:05:10", "dateReserved": "2022-03-11T00:00:00", "dateUpdated": "2024-08-02T23:47:42.691Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-5976 (GCVE-0-2023-5976)
Vulnerability from cvelistv5
Published
2023-11-07 00:00
Modified
2024-09-04 19:06
CWE
- CWE-284 - Improper Access Control
Summary
Improper Access Control in GitHub repository microweber/microweber prior to 2.0.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 2.0
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:14:25.154Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/2004e4a9-c5f6-406a-89b0-571f808882fa" }, { "tags": [ "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/bc537ebe235bf9924c6557a46114f5f9557cd16a" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "microweber", "vendor": "microweber", "versions": [ { "lessThan": "2.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-5976", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T19:05:02.903292Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T19:06:15.150Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "2.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper Access Control in GitHub repository microweber/microweber prior to 2.0." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-07T00:00:32.825Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.com/bounties/2004e4a9-c5f6-406a-89b0-571f808882fa" }, { "url": "https://github.com/microweber/microweber/commit/bc537ebe235bf9924c6557a46114f5f9557cd16a" } ], "source": { "advisory": "2004e4a9-c5f6-406a-89b0-571f808882fa", "discovery": "EXTERNAL" }, "title": "Improper Access Control in microweber/microweber" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntr_ai", "cveId": "CVE-2023-5976", "datePublished": "2023-11-07T00:00:32.825Z", "dateReserved": "2023-11-07T00:00:11.701Z", "dateUpdated": "2024-09-04T19:06:15.150Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-2014 (GCVE-0-2023-2014)
Vulnerability from cvelistv5
Published
2023-04-13 00:00
Modified
2025-02-06 21:39
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to 1.3.3.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.3.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:12:19.617Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/a77bf7ed-6b61-452e-b5ee-e20017e28d1a" }, { "tags": [ "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/1a9b904722b35b00653c6ae72dca2969149159b3" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-2014", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-06T21:37:48.156580Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-06T21:39:55.887Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.3.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to 1.3.3." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-13T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/a77bf7ed-6b61-452e-b5ee-e20017e28d1a" }, { "url": "https://github.com/microweber/microweber/commit/1a9b904722b35b00653c6ae72dca2969149159b3" } ], "source": { "advisory": "a77bf7ed-6b61-452e-b5ee-e20017e28d1a", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Generic in microweber/microweber" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-2014", "datePublished": "2023-04-13T00:00:00.000Z", "dateReserved": "2023-04-13T00:00:00.000Z", "dateUpdated": "2025-02-06T21:39:55.887Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0660 (GCVE-0-2022-0660)
Vulnerability from cvelistv5
Published
2022-02-18 11:10
Modified
2024-08-02 23:32
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Summary
Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
microweber | microweber/microweber |
Version: unspecified < 1.2.11 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:32:46.500Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/01fd2e0d-b8cf-487f-a16c-7b088ef3a291" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/2417bd2eda2aa2868c1dad1abf62341f22bfc20a" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-18T11:10:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/01fd2e0d-b8cf-487f-a16c-7b088ef3a291" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/2417bd2eda2aa2868c1dad1abf62341f22bfc20a" } ], "source": { "advisory": "01fd2e0d-b8cf-487f-a16c-7b088ef3a291", "discovery": "EXTERNAL" }, "title": "Generation of Error Message Containing Sensitive 
Information in microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0660", "STATE": "PUBLIC", "TITLE": "Generation of Error Message Containing Sensitive Information in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.11" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-209 Generation of Error Message Containing Sensitive Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/01fd2e0d-b8cf-487f-a16c-7b088ef3a291", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/01fd2e0d-b8cf-487f-a16c-7b088ef3a291" }, { "name": "https://github.com/microweber/microweber/commit/2417bd2eda2aa2868c1dad1abf62341f22bfc20a", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/2417bd2eda2aa2868c1dad1abf62341f22bfc20a" } ] }, "source": { "advisory": "01fd2e0d-b8cf-487f-a16c-7b088ef3a291", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0660", "datePublished": 
"2022-02-18T11:10:10", "dateReserved": "2022-02-17T00:00:00", "dateUpdated": "2024-08-02T23:32:46.500Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0954 (GCVE-0-2022-0954)
Vulnerability from cvelistv5
Published
2022-03-15 11:40
Modified
2024-08-02 23:47
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Multiple Stored Cross-site Scripting (XSS) vulnerabilities in the Shop's Other Settings, the Shop's Autorespond E-mail Settings and the Shop's Payment Methods in GitHub repository microweber/microweber prior to 1.2.11.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
microweber | microweber/microweber |
Version: unspecified < 1.2.11 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:47:42.911Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/b99517c0-37fc-4efa-ab1a-3591da7f4d26" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/955471c27e671c49e4b012e3b120b004082ac3f7" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop\u0027s Other Settings, Shop\u0027s Autorespond E-mail Settings and Shops\u0027 Payments Methods in GitHub repository microweber/microweber prior to 1.2.11." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-15T11:40:09", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/b99517c0-37fc-4efa-ab1a-3591da7f4d26" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/955471c27e671c49e4b012e3b120b004082ac3f7" } ], "source": { 
"advisory": "b99517c0-37fc-4efa-ab1a-3591da7f4d26", "discovery": "EXTERNAL" }, "title": "Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop\u0027s Other Settings, Shop\u0027s Autorespond E-mail Settings and Shops\u0027 Payments Methods in microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0954", "STATE": "PUBLIC", "TITLE": "Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop\u0027s Other Settings, Shop\u0027s Autorespond E-mail Settings and Shops\u0027 Payments Methods in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.11" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop\u0027s Other Settings, Shop\u0027s Autorespond E-mail Settings and Shops\u0027 Payments Methods in GitHub repository microweber/microweber prior to 1.2.11." 
} ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/b99517c0-37fc-4efa-ab1a-3591da7f4d26", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/b99517c0-37fc-4efa-ab1a-3591da7f4d26" }, { "name": "https://github.com/microweber/microweber/commit/955471c27e671c49e4b012e3b120b004082ac3f7", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/955471c27e671c49e4b012e3b120b004082ac3f7" } ] }, "source": { "advisory": "b99517c0-37fc-4efa-ab1a-3591da7f4d26", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0954", "datePublished": "2022-03-15T11:40:09", "dateReserved": "2022-03-14T00:00:00", "dateUpdated": "2024-08-02T23:47:42.911Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0666 (GCVE-0-2022-0666)
Vulnerability from cvelistv5
Published
2022-02-18 14:55
Modified
2024-08-02 23:32
CWE
- CWE-93 - Improper Neutralization of CRLF Sequences
Summary
CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
microweber | microweber/microweber |
Version: unspecified < 1.2.11 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:32:46.614Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/f0e338f1b7dc5ec9d99231f4ed3fa6245a5eb128" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-93", "description": "CWE-93 Improper Neutralization of CRLF Sequences", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-18T14:55:12", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/f0e338f1b7dc5ec9d99231f4ed3fa6245a5eb128" } ], "source": { "advisory": "7215afc7-9133-4749-8e8e-0569317dbd55", "discovery": "EXTERNAL" }, "title": " CRLF Injection leads to Stack Trace 
Exposure due to lack of filtering at https://demo.microweber.org/ in microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0666", "STATE": "PUBLIC", "TITLE": " CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.11" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-93 Improper Neutralization of CRLF Sequences" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55" }, { "name": "https://github.com/microweber/microweber/commit/f0e338f1b7dc5ec9d99231f4ed3fa6245a5eb128", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/f0e338f1b7dc5ec9d99231f4ed3fa6245a5eb128" } ] }, "source": { "advisory": "7215afc7-9133-4749-8e8e-0569317dbd55", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": 
"c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0666", "datePublished": "2022-02-18T14:55:12", "dateReserved": "2022-02-17T00:00:00", "dateUpdated": "2024-08-02T23:32:46.614Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-4617 (GCVE-0-2022-4617)
Vulnerability from cvelistv5
Published
2022-12-21 00:00
Modified
2025-04-14 18:04
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
microweber | microweber/microweber |
Version: unspecified < 1.3.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:48:38.750Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/1fb2ce08-7016-45fa-b402-ec08d700e4df" }, { "tags": [ "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/df8add930ecfa7f5b18c67c3f748c137fe890906" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-4617", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-14T14:21:05.774988Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-14T18:04:21.577Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.3.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-21T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/1fb2ce08-7016-45fa-b402-ec08d700e4df" }, { "url": "https://github.com/microweber/microweber/commit/df8add930ecfa7f5b18c67c3f748c137fe890906" } ], "source": { "advisory": "1fb2ce08-7016-45fa-b402-ec08d700e4df", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Reflected in microweber/microweber" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-4617", "datePublished": "2022-12-21T00:00:00.000Z", "dateReserved": "2022-12-20T00:00:00.000Z", "dateUpdated": "2025-04-14T18:04:21.577Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-1584 (GCVE-0-2022-1584)
Vulnerability from cvelistv5
Published
2022-05-04 17:00
Modified
2024-08-03 00:10
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. This allows JavaScript to be executed as the victim.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
microweber | microweber/microweber |
Version: unspecified < 1.2.16 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:10:03.814Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/69f4ca67-d615-4f25-b2d1-19df7bf1107d" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/527abd148e6b7aff8df92a9f1aa951e5bebac59c" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.16", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-04T17:00:13", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/69f4ca67-d615-4f25-b2d1-19df7bf1107d" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/527abd148e6b7aff8df92a9f1aa951e5bebac59c" } ], "source": { "advisory": "69f4ca67-d615-4f25-b2d1-19df7bf1107d", "discovery": "EXTERNAL" }, "title": "Reflected XSS in 
microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-1584", "STATE": "PUBLIC", "TITLE": "Reflected XSS in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.16" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim" } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/69f4ca67-d615-4f25-b2d1-19df7bf1107d", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/69f4ca67-d615-4f25-b2d1-19df7bf1107d" }, { "name": "https://github.com/microweber/microweber/commit/527abd148e6b7aff8df92a9f1aa951e5bebac59c", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/527abd148e6b7aff8df92a9f1aa951e5bebac59c" } ] }, "source": { "advisory": "69f4ca67-d615-4f25-b2d1-19df7bf1107d", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-1584", "datePublished": "2022-05-04T17:00:13", 
"dateReserved": "2022-05-04T00:00:00", "dateUpdated": "2024-08-03T00:10:03.814Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0723 (GCVE-0-2022-0723)
Vulnerability from cvelistv5
Published
2022-02-26 10:45
Modified
2024-08-02 23:40
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.11.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
microweber | microweber/microweber |
Version: unspecified < 1.2.11 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:40:03.541Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/16b0547b-1bb3-493c-8a00-5b6a11fca1c5" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/15e519a86e4b24526abaf9e6dc81cb1af86843a5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.11." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-26T10:45:09", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/16b0547b-1bb3-493c-8a00-5b6a11fca1c5" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/15e519a86e4b24526abaf9e6dc81cb1af86843a5" } ], "source": { "advisory": "16b0547b-1bb3-493c-8a00-5b6a11fca1c5", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Reflected 
in microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0723", "STATE": "PUBLIC", "TITLE": "Cross-site Scripting (XSS) - Reflected in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.11" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.11." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/16b0547b-1bb3-493c-8a00-5b6a11fca1c5", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/16b0547b-1bb3-493c-8a00-5b6a11fca1c5" }, { "name": "https://github.com/microweber/microweber/commit/15e519a86e4b24526abaf9e6dc81cb1af86843a5", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/15e519a86e4b24526abaf9e6dc81cb1af86843a5" } ] }, "source": { "advisory": "16b0547b-1bb3-493c-8a00-5b6a11fca1c5", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0723", "datePublished": 
"2022-02-26T10:45:10", "dateReserved": "2022-02-22T00:00:00", "dateUpdated": "2024-08-02T23:40:03.541Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0906 (GCVE-0-2022-0906)
Vulnerability from cvelistv5
Published
2022-03-10 14:55
Modified
2024-08-02 23:47
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
microweber | microweber/microweber |
Version: unspecified < 1.1.12 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:47:42.098Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/87ed3b42-9824-49b0-91a5-fd908a0601e8" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/d9bae9df873c2d2a13a2eb08d512019d49ebca68" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-10T14:55:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/87ed3b42-9824-49b0-91a5-fd908a0601e8" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/d9bae9df873c2d2a13a2eb08d512019d49ebca68" } ], "source": { "advisory": "87ed3b42-9824-49b0-91a5-fd908a0601e8", "discovery": "EXTERNAL" }, "title": "Unrestricted file upload leads 
to stored XSS in microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0906", "STATE": "PUBLIC", "TITLE": "Unrestricted file upload leads to stored XSS in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.1.12" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/87ed3b42-9824-49b0-91a5-fd908a0601e8", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/87ed3b42-9824-49b0-91a5-fd908a0601e8" }, { "name": "https://github.com/microweber/microweber/commit/d9bae9df873c2d2a13a2eb08d512019d49ebca68", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/d9bae9df873c2d2a13a2eb08d512019d49ebca68" } ] }, "source": { "advisory": "87ed3b42-9824-49b0-91a5-fd908a0601e8", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0906", 
"datePublished": "2022-03-10T14:55:10", "dateReserved": "2022-03-09T00:00:00", "dateUpdated": "2024-08-02T23:47:42.098Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-2353 (GCVE-0-2022-2353)
Vulnerability from cvelistv5
Published
2022-07-09 00:00
Modified
2024-08-03 00:32
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
Prior to microweber/microweber v1.2.20, improper neutralization of input allows an attacker to steal tokens and use them to perform cross-site request forgery, fetch content from the same site, and redirect a user.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.2.20
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:32:09.612Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/7782c095-9e8c-48b0-a7f5-3a8f52e8af52" }, { "tags": [ "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/79c6914bab8c9da07ac950fda17648d08c68b130" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.20", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-29T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/7782c095-9e8c-48b0-a7f5-3a8f52e8af52" }, { "url": "https://github.com/microweber/microweber/commit/79c6914bab8c9da07ac950fda17648d08c68b130" } ], "source": { "advisory": "7782c095-9e8c-48b0-a7f5-3a8f52e8af52", "discovery": "EXTERNAL" }, "title": "Cross-Site Request Forgery (CSRF) in microweber/microweber" } }, "cveMetadata": { "assignerOrgId": 
"c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-2353", "datePublished": "2022-07-09T00:00:00", "dateReserved": "2022-07-08T00:00:00", "dateUpdated": "2024-08-03T00:32:09.612Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0378 (GCVE-0-2022-0378)
Vulnerability from cvelistv5
Published
2022-01-26 15:25
Modified
2024-08-02 23:25
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.2.11
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:25:40.237Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/529b65c0-5be7-49d4-9419-f905b8153d31" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/fc7e1a026735b93f0e0047700d08c44954fce9ce" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.2.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-26T15:25:16", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/529b65c0-5be7-49d4-9419-f905b8153d31" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/microweber/microweber/commit/fc7e1a026735b93f0e0047700d08c44954fce9ce" } ], "source": { "advisory": "529b65c0-5be7-49d4-9419-f905b8153d31", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Reflected in 
microweber/microweber", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0378", "STATE": "PUBLIC", "TITLE": "Cross-site Scripting (XSS) - Reflected in microweber/microweber" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "microweber/microweber", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.2.11" } ] } } ] }, "vendor_name": "microweber" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/529b65c0-5be7-49d4-9419-f905b8153d31", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/529b65c0-5be7-49d4-9419-f905b8153d31" }, { "name": "https://github.com/microweber/microweber/commit/fc7e1a026735b93f0e0047700d08c44954fce9ce", "refsource": "MISC", "url": "https://github.com/microweber/microweber/commit/fc7e1a026735b93f0e0047700d08c44954fce9ce" } ] }, "source": { "advisory": "529b65c0-5be7-49d4-9419-f905b8153d31", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0378", "datePublished": "2022-01-26T15:25:16", 
"dateReserved": "2022-01-26T00:00:00", "dateUpdated": "2024-08-02T23:25:40.237Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-1877 (GCVE-0-2023-1877)
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2025-02-10 20:41
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Summary
Command Injection in GitHub repository microweber/microweber prior to 1.3.3.
References
Impacted products
Vendor | Product | Version
---|---|---
microweber | microweber/microweber | Version: unspecified < 1.3.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:05:26.882Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/71fe4b3b-20ac-448c-8191-7b99d7ffaf55" }, { "tags": [ "x_transferred" ], "url": "https://github.com/microweber/microweber/commit/93a906d0bf096c3ab1674012a90c88d101e76c8d" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1877", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-10T20:41:00.466135Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-10T20:41:04.971Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "microweber/microweber", "vendor": "microweber", "versions": [ { "lessThan": "1.3.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Command Injection in GitHub repository microweber/microweber prior to 1.3.3." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-05T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/71fe4b3b-20ac-448c-8191-7b99d7ffaf55" }, { "url": "https://github.com/microweber/microweber/commit/93a906d0bf096c3ab1674012a90c88d101e76c8d" } ], "source": { "advisory": "71fe4b3b-20ac-448c-8191-7b99d7ffaf55", "discovery": "EXTERNAL" }, "title": "Command Injection in microweber/microweber" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1877", "datePublished": "2023-04-05T00:00:00.000Z", "dateReserved": "2023-04-05T00:00:00.000Z", "dateUpdated": "2025-02-10T20:41:04.971Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }