Cross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to 1.3.3.
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12.
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.21.
Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11.
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.
Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to 1.3.2.
Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users.
Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS)in the /projects/profile, homepage endpoint via the last name field.
Reflected Cross-Site Scripting (XSS) in the id parameter of the live_edit.module_settings API endpoint in Microweber CMS2.0 allows execution of arbitrary JavaScript.
A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers.
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2.
Microweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilities.
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.2.
Cross Site Scripting (XSS). vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute Javascript by Inserting code in the request form.
Microweber is a drag and drop website builder and content management system. Versions 1.2.12 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. A fix was attempted in versions 1.2.9 and 1.2.12, but it is incomplete.
Cockpit is a content management system that allows addition of content management functionality to any site. In versions 0.12.2 and prior, bad HTML sanitization in `htmleditor.js` may lead to cross-site scripting (XSS) issues. There are no known patches for this issue.
Microweber version <= 1.0.7 contains a Cross Site Scripting (XSS) vulnerability in Admin login form template that can result in Execution of JavaScript code.
A vulnerability was found in Microweber 2.0.19. It has been rated as problematic. This issue affects some unknown processing of the file userfiles/modules/settings/group/website_group/index.php of the component Settings Handler. The manipulation of the argument group leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input.
Code Injection in GitHub repository microweber/microweber prior to 1.3.2.
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0.
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.21.
Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload functionality.
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17.
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.1.
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12.
Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim
Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to 1.2.11.
DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. inject arbitrary js code, deface website, steal cookie...
Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.
Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.
Cross-site Scripting in Packagist microweber/microweber prior to 1.2.11.
Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.
Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.
Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter.
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18.
XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11.
Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a paylaod that runs without user interaction.
XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks.
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.