Security Advisories - microweber/microweber

microweber/microweber Security Advisories for 2.0.1.x-dev (16)

[LOW] Microweber has a Cross-site Scripting vulnerability

PKSA-6k48-bbzp-nbmm CVE-2025-70791 GHSA-5jg5-xqfw-rv92

Affected version: <2.0.20

Reported by:
GitHub
[LOW] Microweber Cross-site Scripting vulnerability

PKSA-s4vd-hp6c-hhgj CVE-2025-70792 GHSA-6w5w-jx4x-vjvw

Affected version: <2.0.20

Reported by:
GitHub
[MEDIUM] Microweber has Reflected XSS Vulnerability in the id Parameter

PKSA-4smc-cjbc-nnyz CVE-2025-51501 GHSA-8357-fjvx-xrm8

Affected version: >=2.0.0,<=2.0.19

Reported by:
GitHub
[MEDIUM] Microweber has Reflected XSS Vulnerability in the layout Parameter

PKSA-khrd-2cvv-myms CVE-2025-51502 GHSA-mvj3-hc7j-vp74

Affected version: >=2.0.0,<=2.0.19

Reported by:
GitHub
[MEDIUM] Microweber XSS Vulnerability in the homepage Endpoint

PKSA-cd5c-j9yz-j2y1 CVE-2025-51504 GHSA-2x2j-3c2v-g3c2

Affected version: >=2.0.0,<=2.0.19

Reported by:
GitHub
[LOW] Microweber Has Stored XSS Vulnerability in User Profile Fields

PKSA-jf3z-3xjm-qj8r CVE-2025-51503 GHSA-782f-gxj5-xvqc

Affected version: >=2.0.0,<=2.0.19

Reported by:
GitHub
[LOW] Microweber vulnerable to XSS attack due to insure `group` component in its Settings handler

PKSA-tmxf-1h7s-6g36 CVE-2025-2214 GHSA-hcgh-r5gq-6qc2

Affected version: <=2.0.19

Reported by:
GitHub
[MEDIUM] Microweber Cross-site Scripting vulnerability

PKSA-jdhh-h836-7mrg CVE-2024-33297 GHSA-j4v9-cm37-h7c2

Affected version: <=2.0.9

Reported by:
GitHub
[MEDIUM] Microweber Cross-site Scripting vulnerability

PKSA-yr5c-813w-2pn2 CVE-2024-33298 GHSA-w5g5-4jj3-8f6v

Affected version: <=2.0.9

Reported by:
GitHub
[MEDIUM] Microweber Cross-site Scripting vulnerability

PKSA-cqh2-khpm-c35p CVE-2024-33299 GHSA-97h9-p9f8-4p3r

Affected version: <=2.0.9

Reported by:
GitHub
[MEDIUM] Microweber Reflected Cross-site scripting (XSS) vulnerability

PKSA-vvcn-jnp6-qtmx CVE-2024-40101 GHSA-m99v-mmg2-66vf

Affected version: <2.0.16

Reported by:
GitHub
[MEDIUM] Microweber Cross Site Scripting (XSS) vulnerability

PKSA-7qgc-bw2s-qxrw CVE-2024-41380 GHSA-hf66-xfgj-42g8

Affected version: <=2.0.16

Reported by:
GitHub
[MEDIUM] Microweber Cross Site Scripting (XSS) vulnerability

PKSA-r8rz-gz7m-zpfc CVE-2024-41381 GHSA-h4xf-wx99-jmv4

Affected version: <=2.0.16

Reported by:
GitHub
[HIGH] Microweber allows a remote attacker to obtain sensitive information via the HTTP GET method

PKSA-jxcs-gfw2-chsv CVE-2023-48122 GHSA-p8q6-qrgj-7gx2

Affected version: >=2.0.1,<2.0.4

Reported by:
GitHub
[HIGH] Microweber file upload vulnerability

PKSA-xs75-x9v8-bkhn CVE-2023-49052 GHSA-2c7x-w3mx-h7p6

Affected version: <=2.0.4

Reported by:
GitHub
[MEDIUM] Microweber Cross-site Scripting vulnerability

PKSA-n7r8-zpqq-jfjd CVE-2023-47379 GHSA-jmwm-w2rm-prv9

Affected version: <2.0.3

Reported by:
GitHub

microweber/microweber Security Advisories for 2.0.1.x-dev (16)

[LOW] Microweber has a Cross-site Scripting vulnerability

[LOW] Microweber Cross-site Scripting vulnerability

[MEDIUM] Microweber has Reflected XSS Vulnerability in the id Parameter

[MEDIUM] Microweber has Reflected XSS Vulnerability in the layout Parameter

[MEDIUM] Microweber XSS Vulnerability in the homepage Endpoint

[LOW] Microweber Has Stored XSS Vulnerability in User Profile Fields

[LOW] Microweber vulnerable to XSS attack due to insure `group` component in its Settings handler

[MEDIUM] Microweber Cross-site Scripting vulnerability

[MEDIUM] Microweber Cross-site Scripting vulnerability

[MEDIUM] Microweber Cross-site Scripting vulnerability

[MEDIUM] Microweber Reflected Cross-site scripting (XSS) vulnerability

[MEDIUM] Microweber Cross Site Scripting (XSS) vulnerability

[MEDIUM] Microweber Cross Site Scripting (XSS) vulnerability

[HIGH] Microweber allows a remote attacker to obtain sensitive information via the HTTP GET method

[HIGH] Microweber file upload vulnerability

[MEDIUM] Microweber Cross-site Scripting vulnerability