microweber — Vulnerabilities & Security Advisories (81)

Browse all 81 CVE security advisories affecting microweber. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Microweber is an open-source drag-and-drop content management system designed for website creation and e-commerce. Its architecture, built on the Laravel framework, has historically exposed it to a significant volume of security flaws, with eighty-one Common Vulnerabilities and Exposures currently recorded. The most prevalent issues involve remote code execution, cross-site scripting, and SQL injection, often stemming from insufficient input validation and improper access controls. These vulnerabilities frequently allow attackers to escalate privileges or execute arbitrary commands on the underlying server. While no single catastrophic breach has defined its public history, the sheer number of disclosed defects indicates persistent maintenance challenges. Users must prioritize rigorous patching and configuration hardening to mitigate these risks, as the software’s modular nature can inadvertently expand the attack surface if third-party extensions are not similarly secured.

Top products by microweber: microweber/microweber, microweber

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2022-2252 | Open Redirect in microweber/microweber | microweber/microweber | CWE-601 | 6.1 | - | 2022-06-29 |
| CVE-2022-2174 | Cross-site Scripting (XSS) - Reflected in microweber/microweber | microweber/microweber | CWE-79 | 6.1 | - | 2022-06-22 |
| CVE-2022-2130 | Cross-site Scripting (XSS) - Reflected in microweber/microweber | microweber/microweber | CWE-79 | 6.1 | - | 2022-06-20 |
| CVE-2022-1631 | Users Account Pre-Takeover or Users Account Takeover. in microweber/microweber | microweber/microweber | CWE-284 | 8.8 | - | 2022-05-09 |
| CVE-2022-1584 | Reflected XSS in microweber/microweber | microweber/microweber | CWE-79 | 6.1 | - | 2022-05-04 |
| CVE-2022-1555 | DOM XSS in microweber ver 1.2.15 in microweber/microweber | microweber/microweber | CWE-79 | 6.1 | - | 2022-05-04 |
| CVE-2022-1504 | XSS in /demo/module/?module=HERE in microweber/microweber | microweber/microweber | CWE-79 | 6.1 | - | 2022-04-27 |
| CVE-2022-1439 | Reflected XSS on demo.microweber.org/demo/module/ in microweber/microweber | microweber/microweber | CWE-79 | 6.1 | - | 2022-04-22 |
| CVE-2022-1036 | Able to create an account with long password leads to memory corruption / Integer Overflow in microweber/microweber | microweber/microweber | CWE-190 | 8.1 | - | 2022-03-22 |
| CVE-2022-0968 | The microweber application allows large characters to insert in the input field "fist & last name" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/microweber in microweber/microweber | microweber/microweber | CWE-190 | 6.2 | - | 2022-03-15 |
| CVE-2022-0963 | Unrestricted XML Files Leads to Stored XSS in microweber/microweber | microweber/microweber | CWE-79 | 5.4 | - | 2022-03-15 |
| CVE-2022-0961 | The microweber application allows large characters to insert in the input field "post title" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/microweber | microweber/microweber | CWE-190 | 6.2 | - | 2022-03-15 |
| CVE-2022-0954 | Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in microweber/microweber | microweber/microweber | CWE-79 | 4.8 | - | 2022-03-15 |
| CVE-2022-0930 | File upload filter bypass leading to stored XSS in microweber/microweber | microweber/microweber | CWE-434 | 4.8 | - | 2022-03-12 |
| CVE-2022-0929 | XSS on dynamic_text module in microweber/microweber | microweber/microweber | CWE-79 | 6.1 | - | 2022-03-12 |
| CVE-2022-0926 | File upload filter bypass leading to stored XSS in microweber/microweber | microweber/microweber | CWE-79 | 4.8 | - | 2022-03-12 |
| CVE-2022-0921 | Abusing Backup/Restore feature to achieve Remote Code Execution in microweber/microweber | microweber/microweber | CWE-94 | 7.2 | - | 2022-03-11 |
| CVE-2022-0928 | Cross-site Scripting (XSS) - Stored in microweber/microweber | microweber/microweber | CWE-79 | 4.8 | - | 2022-03-11 |
| CVE-2022-0912 | Unrestricted Upload of File with Dangerous Type in microweber/microweber | microweber/microweber | CWE-434 | 8.7 | - | 2022-03-11 |
| CVE-2022-0913 | Integer Overflow or Wraparound in microweber/microweber | microweber/microweber | CWE-190 | 7.5 | - | 2022-03-11 |
| CVE-2022-0906 | Unrestricted file upload leads to stored XSS in microweber/microweber | microweber/microweber | CWE-79 | 4.8 | - | 2022-03-10 |
| CVE-2022-0895 | Static Code Injection in microweber/microweber | microweber/microweber | CWE-96 | 9.8 | - | 2022-03-10 |
| CVE-2022-0896 | Improper Neutralization of Special Elements Used in a Template Engine in microweber/microweber | microweber/microweber | CWE-1336 | 7.1 | - | 2022-03-09 |
| CVE-2022-0777 | Weak Password Recovery Mechanism for Forgotten Password in microweber/microweber | microweber/microweber | CWE-640 | 7.5 | - | 2022-03-01 |
| CVE-2022-0723 | Cross-site Scripting (XSS) - Reflected in microweber/microweber | microweber/microweber | CWE-79 | 6.1 | - | 2022-02-26 |
| CVE-2022-0763 | Cross-site Scripting (XSS) - Stored in microweber/microweber | microweber/microweber | CWE-79 | 4.8 | - | 2022-02-26 |
| CVE-2022-0762 | Incorrect Authorization in microweber/microweber | microweber/microweber | CWE-863 | 5.5 | Medium | 2022-02-26 |
| CVE-2022-0724 | Insecure Storage of Sensitive Information in microweber/microweber | microweber/microweber | CWE-922 | 7.5 | - | 2022-02-23 |
| CVE-2022-0721 | Insertion of Sensitive Information Into Debugging Code in microweber/microweber | microweber/microweber | CWE-215 | 7.5 | - | 2022-02-23 |
| CVE-2022-0719 | Cross-site Scripting (XSS) - Reflected in microweber/microweber | microweber/microweber | CWE-79 | 6.1 | - | 2022-02-23 |

This page lists every published CVE security advisory associated with microweber. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.