CVE-2024-58289

Medium CVSS: 5.3

Microweber 2.0.15 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts into user profile fields. Attackers can input script payloads in the first name field that will execute when the profile is viewed by other users, potentially stealing session cookies and executing arbitrary JavaScript.

Vendor

Microweber

Product

Microweber

CWE

CWE-79

Yayın Tarihi

2025-12-11 22:15:49

Güncelleme

2026-01-12 16:15:36

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-79 Microweber MEDIUM Microweber 2025

Referanslar

https://github.com/microweber/microweber https://microweber.me/ https://www.exploit-db.com/exploits/52058 https://www.vulncheck.com/advisories/microweber-stored-cross-site-scripting-via-user-profile-fields

Benzer Kayıtlar

Medium

CVE-2025-70791

Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipu…

Medium

CVE-2025-70792

Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipu…

High

CVE-2025-60954

Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexit…

Medium

CVE-2025-51501

Reflected Cross-Site Scripting (XSS) in the id parameter of the live_edit.module_settings API endpoint in Microweber CMS…

Medium

CVE-2025-51502

Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allow…

High

CVE-2025-51504

Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS)in the /projects/profile, homepage endpoint via the last n…