Bitweaver CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (32 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2007-6650	1 Bitweaver	1 R2 Cms	2025-04-09	N/A
Unrestricted file upload vulnerability in fisheye/upload.php in Bitweaver R2 CMS allows remote attackers to upload arbitrary files by using the image/gif content type, and possibly other image and PDF content types, as demonstrated by uploading a .htaccess file.
CVE-2006-6923	1 Bitweaver	1 Bitweaver	2025-04-09	N/A
SQL injection vulnerability in newsletters/edition.php in bitweaver 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the tk parameter.
CVE-2021-29033	1 Bitweaver	1 Bitweaver	2024-11-21	4.8 Medium
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/edit_group.php URI.
CVE-2021-29032	1 Bitweaver	1 Bitweaver	2024-11-21	4.8 Medium
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/preferences.php URI.
CVE-2021-29031	1 Bitweaver	1 Bitweaver	2024-11-21	4.8 Medium
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/users_import.php URI.
CVE-2021-29030	1 Bitweaver	1 Bitweaver	2024-11-21	4.8 Medium
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/index.php URI.
CVE-2021-29029	1 Bitweaver	1 Bitweaver	2024-11-21	4.8 Medium
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/edit_personal_page.php URI.
CVE-2021-29028	1 Bitweaver	1 Bitweaver	2024-11-21	4.8 Medium
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/user_activity.php URI.
CVE-2021-29027	1 Bitweaver	1 Bitweaver	2024-11-21	4.8 Medium
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/index.php URI.
CVE-2021-29026	1 Bitweaver	1 Bitweaver	2024-11-21	4.8 Medium
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/permissions.php URI.
CVE-2021-29025	1 Bitweaver	1 Bitweaver	2024-11-21	4.8 Medium
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/my_images.php URI.
CVE-2012-5193	1 Bitweaver	1 Bitweaver	2024-11-21	6.1 Medium
Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) stats/index.php or (2) newsletters/edition.php or the (3) username parameter to users/remind_password.php, (4) days parameter to stats/index.php, (5) login parameter to users/register.php, or (6) highlight parameter.

« first previous Page 2 of 2.