CVE-2024-33298

Medium CVSS: 6.1

Microweber Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the create new backup function in the endpoint /admin/module/view?type=admin__backup

Vendor

Microweber

Product

Microweber

CWE

CWE-79

Yayın Tarihi

2025-01-10 20:15:30

Güncelleme

2025-07-03 00:39:39

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Microweber MEDIUM Microweber 2025

Referanslar

https://github.com/MathSabo/CVE-2024-33298

Benzer Kayıtlar

Medium

CVE-2025-70791

Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipu…

Medium

CVE-2025-70792

Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipu…

Medium

CVE-2024-58289

Microweber 2.0.15 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject mal…

High

CVE-2025-60954

Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexit…

Medium

CVE-2025-51501

Reflected Cross-Site Scripting (XSS) in the id parameter of the live_edit.module_settings API endpoint in Microweber CMS…

Medium

CVE-2025-51502

Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allow…