Microweber 漏洞列表

Microweber before 1.1.20 is susceptible to information disclosure via userfiles/modules/users/controller/controller.php. An attacker can disclose the users database via a /modules/ POST request and thus potentially access sensitive information, modify data, and/or execute unauthorized operations.

Microweber contains a vulnerability that allows exposure of sensitive information to an unauthorized actor in Packagist microweber/microweber prior to 1.2.11.

Microweber contains a reflected cross-site scripting in Packagist microweber/microweber prior to 1.2.11.

Open Redirect in Packagist microweber/microweber prior to 1.2.11.

Microweber before 1.2.11 is susceptible to information disclosure. An error message is generated in microweber/microweber which contains sensitive information while viewing comments from load_module:comments#search=. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.

CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11.

Packagist prior to 1.2.11 contains a cross-site scripting vulnerability via microweber/microweber. User can escape the meta tag because the user doesn't escape the double-quote in the $redirectUrl parameter when logging out.

Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability via the Type parameter in the body of POST request, which is triggered by Add/Edit Tax.

Microweber before 1.2.1 contains multiple stored cross-site scripting vulnerabilities in Shop's Other Settings, Autorespond E-mail Settings, and Payment Methods.

Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability. It allows unrestricted upload of XML files,.

Microweber before 1.2.12 is susceptible to integer overflow. The application allows large characters to insert in the input field 'first & last name,' which can allow an attacker to cause a denial of service via a crafted HTTP request.

Microweber prior to 1.2.15 contains a reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Cross-site Scripting (XSS) vulnerability in the /demo/editor_tools/module endpoint via the 'type' parameter.

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18.

Code Injection in on search.php?keywords= GitHub repository microweber/microweber prior to 1.3.2.

Reflected Cross-Site Scripting Vulnerability in types GET parameter on the /editor_tools/rte_image_editor endpoint.

Reflected Cross-Site Scripting (XSS) in the `id` parameter of the `live_edit.module_settings` API endpoint in Microweber CMS2.0 allows execution of arbitrary JavaScript.

Reflected Cross-Site Scripting (XSS) exists in Microweber CMS 2.0 through the layout parameter on the /admin/page/create page. It allows arbitrary JavaScript to execute in the context of authenticated admin users.

Microweber 存在跨站脚本漏洞，此漏洞是缺乏校验导致的。

Microweber存在HTML注入漏洞，此漏洞是由于对参数值缺乏恰当的处理导致的。

Packagist microweber prior存在反射型跨站脚本漏洞，此漏洞是由于登出时对跳转链接缺乏验证导致的。

Microweber CMS 系统存在XSS漏洞，此漏洞是由于module模块对用户提供的数据没有进行验证导致的。

Microweber<V.2.0存在XSS漏洞.

Microweber包含1.2.15之前Packagist Microweber/Microweber中反映的跨站点脚本。

Microweber包含1.2.11之前Packagist Microweber/Microweber中反映的跨站点脚本。

Microweber包含一个未授权接口访问漏洞，可获取username，email等数据。

Microweber是一个CMS系统，在开源代码托管平台有2.5k的start，该系统存在XSS漏洞。

Microweber是新一代的内容管理系统，允许您使用拖放功能创建网站。 您可以轻松操纵网页的内容和布局。 不需要编码技能。

Microweber是新一代的内容管理系统，允许您使用拖放功能创建网站。 您可以轻松操纵网页的内容和布局。 不需要编码技能。