CVE-2025-60954

High CVSS: 8.3

Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including administrative accounts.

Vendor

Microweber

Product

Microweber

CWE

CWE-521

Yayın Tarihi

2025-10-24 21:16:03

Güncelleme

2025-10-28 14:22:52

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-521 Microweber HIGH Microweber 2025

Referanslar

https://gist.github.com/progprnv/feae2b76f2db0cb2ac6e14b1bf7d8646 https://github.com/microweber/microweber https://github.com/progprnv/CVE-Reports/blob/main/CVE-2025-60954

Benzer Kayıtlar

Medium

CVE-2025-70791

Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipu…

Medium

CVE-2025-70792

Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipu…

Medium

CVE-2024-58289

Microweber 2.0.15 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject mal…

Medium

CVE-2025-51501

Reflected Cross-Site Scripting (XSS) in the id parameter of the live_edit.module_settings API endpoint in Microweber CMS…

Medium

CVE-2025-51502

Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allow…

High

CVE-2025-51504

Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS)in the /projects/profile, homepage endpoint via the last n…