Bitweaver : Security Vulnerabilities, CVEs, (XSS)

CVE-2021-29033

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/edit_group.php URI.
Max CVSS
4.8
EPSS Score
0.07%
Published
2021-03-24
Updated
2021-03-24

CVE-2021-29032

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/preferences.php URI.
Max CVSS
4.8
EPSS Score
0.07%
Published
2021-03-24
Updated
2021-03-24

CVE-2021-29031

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/users_import.php URI.
Max CVSS
4.8
EPSS Score
0.07%
Published
2021-03-24
Updated
2021-03-24

CVE-2021-29030

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/index.php URI.
Max CVSS
4.8
EPSS Score
0.07%
Published
2021-03-24
Updated
2021-03-24

CVE-2021-29029

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/edit_personal_page.php URI.
Max CVSS
4.8
EPSS Score
0.07%
Published
2021-03-24
Updated
2021-03-24

CVE-2021-29028

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/user_activity.php URI.
Max CVSS
4.8
EPSS Score
0.07%
Published
2021-03-24
Updated
2021-03-24

CVE-2021-29027

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/index.php URI.
Max CVSS
4.8
EPSS Score
0.07%
Published
2021-03-24
Updated
2021-03-24

CVE-2021-29026

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/permissions.php URI.
Max CVSS
4.8
EPSS Score
0.07%
Published
2021-03-24
Updated
2021-03-24

CVE-2021-29025

A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/my_images.php URI.
Max CVSS
4.8
EPSS Score
0.07%
Published
2021-03-24
Updated
2021-03-24

CVE-2012-5193

Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) stats/index.php or (2) newsletters/edition.php or the (3) username parameter to users/remind_password.php, (4) days parameter to stats/index.php, (5) login parameter to users/register.php, or (6) highlight parameter.
Max CVSS
6.1
EPSS Score
0.19%
Published
2019-11-13
Updated
2019-11-15

CVE-2008-4337

Cross-site scripting (XSS) vulnerability in Bitweaver 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the URL parameter to (1) edit.php and (2) list.php in articles/; (3) list_blogs.php and (4) rankings.php in blogs/; (5) calendar/index.php; (6) calendar.php, (7) index.php, and (8) list_events.php in events/; (9) index.php and (10) list_galleries.php in fisheye/; (11) liberty/list_content.php; (12) newsletters/edition.php; (13) pigeonholes/list.php; (14) recommends/index.php; (15) rss/index.php; (16) stars/index.php; (17) users/remind_password.php; (18) wiki/orphan_pages.php; and (19) stats/index.php, different vectors than CVE-2007-0526 and CVE-2005-4379. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
4.3
EPSS Score
0.19%
Published
2008-09-30
Updated
2017-08-08

CVE-2007-6374

Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) users/register.php or (2) search/index.php, or an editcomments action in (3) wiki/index.php or (4) forums/index.php. NOTE: the error parameter to users/login.php is covered by CVE-2006-3103.
Max CVSS
4.3
EPSS Score
0.65%
Published
2007-12-15
Updated
2018-10-15

CVE-2007-0526

Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the URL (PATH_INFO) to (1) articles/edit.php, (2) articles/list.php, (3) blogs/list_blogs.php, or (4) blogs/rankings.php.
Max CVSS
4.3
EPSS Score
1.73%
Published
2007-01-26
Updated
2018-10-16

CVE-2006-6925

Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the message title field when submitting an article to articles/edit.php, (2) the message title field when submitting a blog post to blogs/post.php, or (3) the message description field when editing in the Sandbox in wiki/edit.php.
Max CVSS
6.8
EPSS Score
4.31%
Published
2007-01-13
Updated
2017-07-29

CVE-2006-3103

Cross-site scripting (XSS) vulnerability in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error parameter in users/login.php and the (2) feedback parameter in articles/index.php.
Max CVSS
4.3
EPSS Score
1.14%
Published
2006-06-21
Updated
2018-10-18

CVE-2006-1745

Cross-site scripting (XSS) vulnerability in login.php in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
2.6
EPSS Score
0.32%
Published
2006-04-12
Updated
2011-03-08

CVE-2006-1131

Cross-site scripting (XSS) vulnerability in read.php in bitweaver CMS 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the comment_title parameter.
Max CVSS
4.3
EPSS Score
0.71%
Published
2006-03-10
Updated
2017-07-20
17 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close