Microweber: >> Microweber >> 2.0.0 Security Vulnerabilities
Reflected Cross-Site Scripting (XSS) in the id parameter of the live_edit.module_settings API endpoint in Microweber CMS2.0 allows execution of arbitrary JavaScript.
CVSS Score
6.1
EPSS Score
0.004
Published
2025-08-01
Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users.
CVSS Score
6.1
EPSS Score
0.004
Published
2025-08-01
Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS)in the /projects/profile, homepage endpoint via the last name field.
CVSS Score
7.6
EPSS Score
0.0
Published
2025-08-01
A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers.
CVSS Score
7.6
EPSS Score
0.001
Published
2025-07-31
Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the campaign Name (Internal Name) field in the Add new campaign function
CVSS Score
4.7
EPSS Score
0.003
Published
2025-01-10
Microweber Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the create new backup function in the endpoint /admin/module/view?type=admin__backup
CVSS Score
6.1
EPSS Score
0.001
Published
2025-01-10
Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the First Name and Last Name parameters in the endpoint /admin/module/view?type=users
CVSS Score
4.7
EPSS Score
0.003
Published
2025-01-10
A Reflected Cross-site scripting (XSS) vulnerability exists in '/search' in microweber 2.0.15 and earlier allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the 'keywords' parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-08-06