microweber/microweber vulnerabilities

Known vulnerabilities in the microweber/microweber package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS)	<2.0.16
M Cross-site Scripting (XSS)	>=0.0.0
M Cross-site Scripting (XSS)	>=0.0.0
M Business Logic Errors	<2.0.0
H Information Exposure	>=2.0.1, <2.0.4
L Missing Standardized Error Handling Mechanism	<2.0.0
L Improper Enforcement of Behavioral Workflow	<2.0.0
H Unrestricted Upload of File with Dangerous Type	<2.0.5
M Cross-site Scripting (XSS)	<2.0.3
L Improper Access Control	<2.0.0
M Cross-site Scripting (XSS)	<2.0.0
M Use of Hard-coded Credentials	<2.0.0
M Cross-site Scripting (XSS)	<2.0.0
L Cross-site Scripting (XSS)	<2.0.0
H Improper Privilege Management	<1.3.4
M Information Exposure	<1.3.4
M Cross-site Scripting (XSS)	<1.3.3
H Cross-site Scripting (XSS)	<1.3.3
L Deserialization of Untrusted Data	<1.3.3
M Arbitrary Command Injection	<1.3.3
M Cross-site Scripting (XSS)	<v1.3.3
M Cross-site Scripting (XSS)	<1.2.9
M Cross-site Scripting (XSS)	<1.3.2
L Arbitrary File Upload	<1.3.2
M Cross-site Scripting (XSS)	<1.3.2
L Cross-site Scripting (XSS)	<1.3.2
H Cross-site Scripting (XSS)	<1.3.2
M Weak Password Recovery Mechanism for Forgotten Password	>=0.0.0
M Arbitrary Code Injection	<1.3.2
M Arbitrary Code Injection	<1.3.2
M Cross-site Scripting (XSS)	<1.3.1
M Cross-site Scripting (XSS)	<1.2.21
M Cross-site Scripting (XSS)	<1.2.21
H Insufficient Session Expiration	>=0.0.0
M Insufficient Session Expiration	>=0.0.0
M Information Exposure	>=0.0.0
M Brute Force	<1.3.0
M Cross-site Scripting (XSS)	<1.2.20
M Cross-site Scripting (XSS)	<1.2.19
M Cross-site Scripting (XSS)	<1.2.19
M Open Redirect	<1.2.19
M Cross-site Scripting (XSS)	<1.2.18
M Cross-site Scripting (XSS)	<1.2.18
M Cross-site Scripting (XSS)	<1.2.16
M Cross-site Scripting (XSS)	<1.2.16
M Cross-site Scripting (XSS)	<1.2.15
M Cross-site Scripting (XSS)	<1.2.15
M Denial of Service (DoS)	<1.2.12
M Cross-site Scripting (XSS)	<1.2.11
M Integer Overflow or Wraparound	<1.2.12
M Cross-site Scripting (XSS)	<1.2.12
M Integer Overflow or Wraparound	<1.2.12
L Cross-site Scripting (XSS)	<1.2.12
M Cross-site Scripting (XSS)	<1.2.12
H Arbitrary Code Execution	<1.2.12
M Cross-site Scripting (XSS)	<1.2.12
M Cross-site Scripting	<1.2.12
M Cross-site Scripting (XSS)	<1.2.12
C Integer Overflow or Wraparound	<1.2.12
M HTML Code Injection	<1.2.12
M Improper Input Validation	<1.2.12
M Cross-site Scripting (XSS)	<1.2.12
M Cross-site Scripting (XSS)	<1.2.12
H Insecure Storage of Sensitive Information	<1.2.12
H Cross-site Scripting (XSS)	<1.2.12
M Business Logic Errors	<1.2.11
M Cross-site Scripting (XSS)	<1.2.11
M Cross-site Scripting (XSS)	<1.2.11
M Information Exposure	<1.2.11
H Information Exposure	<1.2.11
L Cross-site Request Forgery (CSRF)	<1.2.11
M Open Redirect	<1.2.11
M Open Redirect	<1.2.11
H Command Injection	<1.2.11
H Cross-site Scripting (XSS)	<1.2.11
M Cross-site Scripting (XSS)	<1.2.11
M Information Exposure	<1.2.11
M Cross-site Request Forgery (CSRF)	<1.2.11
M Cross-site Scripting (XSS)	<1.2.11
M Cross-site Scripting (XSS)	<1.2.11
H Cross-site Scripting (XSS)	<1.2.11
M Access Restriction Bypass	<1.2.11
M HTML Injection	<1.2.11
H Information Exposure	<1.2.11
M Cross-site Scripting (XSS)	<1.2.8
H Arbitrary File Write via Archive Extraction (Zip Slip)	<1.2.0.x-dev
H Information Disclosure	<1.1.20
C Arbitrary File Upload	<1.2.3
M Cross-site Scripting (XSS)	<1.1
M Cross-site Scripting (XSS)	<1.1
H Cross-site Request Forgery (CSRF)	<1.1

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)

<2.0.16

Cross-site Scripting (XSS)

>=0.0.0

Cross-site Scripting (XSS)

>=0.0.0

Business Logic Errors

<2.0.0

Information Exposure

>=2.0.1, <2.0.4