Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.21.
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12.
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.
Cross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to 1.3.3.
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.
Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11.
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.21.
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12.
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17.
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18.
Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim
DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. inject arbitrary js code, deface website, steal cookie...
Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a paylaod that runs without user interaction.
XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks.
Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to 1.2.11.
Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.
Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.
Cross-site Scripting in Packagist microweber/microweber prior to 1.2.11.
Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.
Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.
Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter.
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.
XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11.
Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.11.
microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\settings\admin.php.
microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\tags\add_tagging_tagged.php.
Microweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilities.
Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users.
Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the First Name and Last Name parameters in the endpoint /admin/module/view?type=users
Microweber Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the create new backup function in the endpoint /admin/module/view?type=admin__backup
Cross Site Scripting (XSS). vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute Javascript by Inserting code in the request form.
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.
Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to 1.3.2.
Microweber version <= 1.0.7 contains a Cross Site Scripting (XSS) vulnerability in Admin login form template that can result in Execution of JavaScript code.
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.2.
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2.
Microweber is a drag and drop website builder and content management system. Versions 1.2.12 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. A fix was attempted in versions 1.2.9 and 1.2.12, but it is incomplete.
Cockpit is a content management system that allows addition of content management functionality to any site. In versions 0.12.2 and prior, bad HTML sanitization in `htmleditor.js` may lead to cross-site scripting (XSS) issues. There are no known patches for this issue.
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0.
A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers.
Reflected Cross-Site Scripting (XSS) in the id parameter of the live_edit.module_settings API endpoint in Microweber CMS2.0 allows execution of arbitrary JavaScript.
Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS)in the /projects/profile, homepage endpoint via the last name field.