Microweber: >> Microweber >> 2.0.15 Security Vulnerabilities
Microweber 2.0.15 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts into user profile fields. Attackers can input script payloads in the first name field that will execute when the profile is viewed by other users, potentially stealing session cookies and executing arbitrary JavaScript.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-12-11
A Reflected Cross-site scripting (XSS) vulnerability exists in '/search' in microweber 2.0.15 and earlier allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the 'keywords' parameter.
CVSS Score
6.1
EPSS Score
0.011
Published
2024-08-06