pkg:Packagist/microweber/microweber

105 total CVEs: HIGH 25, MEDIUM 69, LOW 3

All known vulnerabilities

  • HIGH 8.8 CVE-2023-49052: Microweber file upload vulnerability
    from 0, <= 2.0.4
  • HIGH 8.8 CVE-2023-2240: Improper Privilege Management in microweber
    from 0, < 1.3.4
  • HIGH 8.8 CVE-2022-33012: Account Takeover Through Password Reset Poisoning
    from 0, <= 1.2.15
  • HIGH 8.8 CVE-2022-1631: Incorrect Authorization in microweber
    from 0, < 1.2.15
  • HIGH 8.8 CVE-2022-0896: Improper Neutralization of Special Elements Used in a Template Engine in microweber
    from 0, < 1.3
  • HIGH 8.8 CVE-2022-0721: Insertion of Sensitive Information Into Debugging Code in Microweber
    from 0, < 1.3
  • HIGH 8.8 CVE-2022-0690: Cross-site Scripting in microweber
    from 0, < 1.2.11
  • HIGH 7.8 CVE-2020-13241: Microweber allows Unrestricted File Upload
    from 0, <= 1.1.18
  • HIGH 7.8 CVE-2022-0557: OS Command Injection in Microweber
    from 0, < 1.2.11
  • HIGH 7.7 CVE-2022-0895: Static Code Injection in Microweber
    from 0, < 1.3
  • HIGH 7.6 CVE-2022-0719: Cross-site Scripting in Microweber
    from 0, < 1.3
  • HIGH 7.6 CVE-2022-0666: CRLF Injection in microweber
    from 0, < 1.2.11
  • HIGH 7.5 CVE-2023-48122: Microweber allows a remote attacker to obtain sensitive information via the HTTP GET method
    >= 2.0.1, < 2.0.4
  • HIGH 7.5 CVE-2020-13405: Microweber Discloses Sensitive Information
    from 0, < 1.1.20
  • HIGH 7.5 CVE-2022-1036: Integer Overflow or Wraparound in Microweber
    from 0, < 1.2.12
  • HIGH 7.5 CVE-2022-0913: Integer Overflow or Wraparound in Microweber
    from 0, < 1.2.12
  • HIGH 7.5 CVE-2022-0777: Rate limit missing in microweber
    from 0, < 1.3
  • HIGH 7.5 CVE-2022-0660: Generation of Error Message Containing Sensitive Information in microweber
    from 0, < 1.2.11
  • HIGH 7.5 CVE-2022-0281: Exposure of Sensitive Information to an Unauthorized Actor in microweber
    from 0, < 1.2.11
  • HIGH 7.5 CVE-2022-0282: Code Injection in microweber
    from 0, < 1.2.11
  • HIGH 7.4 CVE-2023-1881: Microweber vulnerable to stored cross-site scripting (XSS) via X-Forwarded-For header
    from 0, < 1.3.3
  • HIGH 7.2 CVE-2022-4732: Microweber vulnerable to unrestricted malicious uploads
    from 0, < 1.3.2
  • HIGH 7.2 CVE-2022-0968: Integer Overflow in microweber
    from 0, <= 1.2.11
  • HIGH 7.2 CVE-2020-28337: Zip slip in Microweber
    from 0, < 1.2.3
  • HIGH 7.1 CVE-2022-0961: Denial of service in microweber
    from 0, <= 1.2.11
  • MEDIUM 6.8 CVE-2022-0954: Stored Cross-site Scripting in Microweber
    from 0, < 1.2.12
  • MEDIUM 6.8 CVE-2022-0929: Cross-site Scripting in microweber
    from 0, < 1.2.12
  • MEDIUM 6.8 CVE-2022-0928: Cross-site Scripting in microweber
    from 0, < 1.2.12
  • MEDIUM 6.7 CVE-2022-0921: Unrestricted Upload of File with Dangerous Type in Microweber
    from 0, < 1.2.12
  • MEDIUM 6.6 CVE-2022-2777: Microweber's title parameter in the body of POST request vulnerable to stored XSS
    from 0, < 1.3.1
  • MEDIUM 6.5 CVE-2023-2239: Information exposure in microweber
    from 0, < 1.3.4
  • MEDIUM 6.5 CVE-2022-2368: Microweber before 1.2.21 allows attacker to bypass IP detection to brute-force password
    from 0, < 1.2.21
  • MEDIUM 6.5 CVE-2022-0678: Cross-site Scripting in microweber
    from 0, < 1.2.11
  • MEDIUM 6.5 CVE-2022-0505: Cross-Site Request Forgery in microweber
    from 0, <= 1.2.10
  • MEDIUM 6.5 CVE-2022-0504: Generation of Error Message Containing Sensitive Information in microweber
    from 0, <= 1.2.10
  • MEDIUM 6.5 CVE-2022-0277: Microweber Incorrect Permission Assignment for Critical Resource vulnerability
    from 0, < 1.2.11
  • MEDIUM 6.3 CVE-2022-2353: Microweber before v1.2.20 vulnerable to cross-site scripting
    from 0, < 1.2.20
  • MEDIUM 6.3 CVE-2022-1584: Cross-site Scripting in Microweber
    from 0, < 1.2.16
  • MEDIUM 6.3 CVE-2022-1504: Cross-site Scripting in microweber
    from 0, < 1.2.15
  • MEDIUM 6.3 CVE-2022-1439: Cross-site Scripting in Microweber
    from 0, < 1.2.15
  • MEDIUM 6.1 CVE-2025-70791: Microweber has a Cross-site Scripting vulnerability
    from 0, < 2.0.20
  • MEDIUM 6.1 CVE-2025-70792: Microweber Cross-site Scripting vulnerability
    from 0, < 2.0.20
  • MEDIUM 6.1 CVE-2025-51502: Microweber has Reflected XSS Vulnerability in the layout Parameter
    >= 2.0.0, <= 2.0.19
  • MEDIUM 6.1 CVE-2025-51501: Microweber has Reflected XSS Vulnerability in the id Parameter
    >= 2.0.0, <= 2.0.19
  • MEDIUM 6.1 CVE-2024-40101: Microweber Reflected Cross-site scripting (XSS) vulnerability
    from 0, < 2.0.16
  • MEDIUM 6.1 CVE-2024-41381: Microweber Cross Site Scripting (XSS) vulnerability
    from 0, <= 2.0.16
  • MEDIUM 6.1 CVE-2024-41380: Microweber Cross Site Scripting (XSS) vulnerability
    from 0, <= 2.0.16
  • MEDIUM 6.1 CVE-2023-5244: Microweber Cross-site Scripting vulnerability
    from 0, <= 1.3.4
  • MEDIUM 6.1 CVE-2023-1877: Microweber vulnerable to command injection
    from 0, < 1.3.3
  • MEDIUM 6.1 CVE-2021-32856: Microweber Cross-site Scripting vulnerability
    from 0, <= 1.2.12
  • MEDIUM 6.1 CVE-2022-4647: Microweber vulnerable to Stored Cross-Site Scripting
    from 0, <= 1.3.1
  • MEDIUM 6.1 CVE-2022-4617: Microweber vulnerable to Reflected Cross-site Scripting
    from 0, <= 1.3.1
  • MEDIUM 6.1 CVE-2022-0698: Microweber vulnerable to cross-site scripting (XSS)
    from 0, <= 1.3.1
  • MEDIUM 6.1 CVE-2022-3242: Microweber Cross-site Scripting can result in redirection to a malicious site
    from 0, < 1.3.2
  • MEDIUM 6.1 CVE-2022-3245: Microweber vulnerable to HTML Injection in create tag functionality
    from 0, < 1.3.2
  • MEDIUM 6.1 CVE-2022-2470: Microweber before 1.2.21 vulnerable to reflected XSS
    from 0, < 1.2.21
  • MEDIUM 6.1 CVE-2022-2252: Open Redirect in microweber
    from 0, < 1.2.19
  • MEDIUM 6.1 CVE-2022-2174: Cross-site Scripting in Microweber
    from 0, < 1.2.18
  • MEDIUM 6.1 CVE-2022-2130: Cross-site Scripting in Microweber
    from 0, <= 1.2.17
  • MEDIUM 6.1 CVE-2018-1000826: Microweber XSS Vulnerability
    from 0, < 1.1
  • MEDIUM 6.1 CVE-2018-19917: Microweber XSS Vulnerability
    from 0, <= 1.0.8
  • MEDIUM 6.1 CVE-2022-1555: Microweber vulnerable to cross-site scripting (XSS)
    from 0, <= 1.2.15
  • MEDIUM 6.1 CVE-2022-0597: Open redirect in microweber
    from 0, < 1.2.11
  • MEDIUM 6.1 CVE-2022-0560: Open redirect in microweber
    from 0, < 1.2.11
  • MEDIUM 6.0 CVE-2023-6832: Business Logic Errors in microweber/microweber
    from 0, < 2.0.0
  • MEDIUM 5.9 CVE-2023-6566: Microweber Business Logic Errors
    from 0, < 2.0.0
  • MEDIUM 5.8 CVE-2023-5318: Microweber uses hard coded credentials
    from 0, <= 1.3.4
  • MEDIUM 5.5 CVE-2020-23136: Microweber Insufficient Session Expiry
  • MEDIUM 5.4 CVE-2023-47379: Microweber Cross-site Scripting vulnerability
    from 0, < 2.0.3
  • MEDIUM 5.4 CVE-2023-3142: Microweber Cross-site Scripting vulnerability
    from 0, <= 1.3.4
  • MEDIUM 5.4 CVE-2023-0608: Microweber contains Cross-site Scripting
    from 0, < 1.3.2
  • MEDIUM 5.4 CVE-2022-2300: Cross-site Scripting in microweber
    from 0, < 1.2.19
  • MEDIUM 5.4 CVE-2022-2280: Cross-site Scripting in microweber
    from 0, < 1.2.19
  • MEDIUM 5.4 CVE-2022-0963: Unrestricted XML files leading to cross-site scripting in Microweber
    from 0, < 1.2.12
  • MEDIUM 5.4 CVE-2022-0723: Cross-site Scripting in microweber
    from 0, < 1.2.11
  • MEDIUM 5.4 CVE-2022-0558: Cross-site Scripting in microweber
    from 0, < 1.2.11
  • MEDIUM 5.4 CVE-2022-0506: Cross-site Scripting in microweber
    from 0, <= 1.2.10
  • MEDIUM 5.4 CVE-2022-0379: Cross-site Scripting in microweber
    from 0, < 1.2.11
  • MEDIUM 5.4 CVE-2022-0378: Cross-site Scripting in microweber
    from 0, < 1.2.11
  • MEDIUM 5.4 CVE-2022-0278: Cross-site Scripting in microweber
    from 0, < 1.2.11
  • MEDIUM 5.3 CVE-2022-0689: Business Logic Errors in microweber
    from 0, < 1.2.11
  • MEDIUM 4.8 CVE-2023-5861: Cross-site Scripting (XSS) in microweber/microweber
    from 0, < 2.0.0
  • MEDIUM 4.8 CVE-2023-2014: Microweber vulnerable to cross-site scripting (XSS)
    from 0, < 1.3.3
  • MEDIUM 4.8 CVE-2023-1081: Microweber Cross-site Scripting vulnerability
    from 0, <= 1.3.2
  • MEDIUM 4.8 CVE-2022-2495: Microweber Stored Cross-site Scripting before v1.2.20
    from 0, < 1.2.20
  • MEDIUM 4.8 CVE-2022-0926: Cross-site Scripting in microweber
    from 0, < 1.2.12
  • MEDIUM 4.8 CVE-2022-0930: Cross-site Scripting in microweber
    from 0, < 1.2.12
  • MEDIUM 4.8 CVE-2022-0912: Unrestricted Upload of File with Dangerous Type in microweber
    from 0, < 1.2.12
  • MEDIUM 4.8 CVE-2022-0906: Unrestricted file upload leads to stored cross-site scripting in Microweber
    from 0, < 1.2.12
  • MEDIUM 4.8 CVE-2022-0763: Cross-site Scripting in microweber
    from 0, < 1.3
  • MEDIUM 4.3 CVE-2023-5976: Microweber Improper Access Control vulnerability
    from 0, < 2.0.0
  • MEDIUM 4.3 CVE-2022-0762: Exposure of Resource to Wrong Sphere in microweber
    from 0, < 1.3.0
  • MEDIUM 4.3 CVE-2022-0638: Cross-Site Request Forgery microweber
    from 0, < 1.2.11
  • MEDIUM 4.3 CVE-2022-0596: Microweber vulnerable to Improper Validation of Specified Quantity in Input
    from 0, < 1.2.11
  • LOW 3.5 CVE-2025-2214: Microweber vulnerable to XSS attack due to insure `group` component in its Settings handler
    from 0, <= 2.0.19
  • LOW 3.1 CVE-2023-6599: Microweber missing standardized error handling mechanism
    from 0, < 2.0.0
  • LOW 2.7 CVE-2022-0688: Business Logic Errors in microweber
    from 0, < 1.2.11
  • CVE-2025-51504: Microweber XSS Vulnerability in the homepage Endpoint
    >= 2.0.0, <= 2.0.19
  • CVE-2025-51503: Microweber Has Stored XSS Vulnerability in User Profile Fields
    >= 2.0.0, <= 2.0.19
  • CVE-2025-34076: Microweber CMS API has authenticated local file inclusion vulnerability
    from 0, < 1.2.11
  • CVE-2024-33299: Microweber Cross-site Scripting vulnerability
    from 0, <= 2.0.9
  • CVE-2024-33298: Microweber Cross-site Scripting vulnerability
    from 0, <= 2.0.9
  • CVE-2024-33297: Microweber Cross-site Scripting vulnerability
    from 0, <= 2.0.9
  • CVE-2022-0724: Insecure Storage of Sensitive Information in Microweber
    from 0, < 1.3
  • CVE-2021-33988: Cross Site Scripting in Microweber
    from 0, < 1.2.8