CVE-2025-70791

Medium CVSS: 6.1

Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was reported to the developers and fixed in version 2.0.20.

Vendor

Microweber

Product

Microweber

CWE

CWE-79

Yayın Tarihi

2026-02-05 17:16:13

Güncelleme

2026-02-10 18:56:17

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Microweber MEDIUM Microweber 2026

Referanslar

https://gist.github.com/TimRecktenwald/9615b9915a4cacda9f57bb57f13ab6d4 https://github.com/microweber/microweber/commit/aa0791fc286d785ccd33ccc706f7bb3ed05b1d7f

Benzer Kayıtlar

Medium

CVE-2025-70792

Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipu…

Medium

CVE-2024-58289

Microweber 2.0.15 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject mal…

High

CVE-2025-60954

Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexit…

Medium

CVE-2025-51501

Reflected Cross-Site Scripting (XSS) in the id parameter of the live_edit.module_settings API endpoint in Microweber CMS…

Medium

CVE-2025-51502

Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allow…

High

CVE-2025-51504

Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS)in the /projects/profile, homepage endpoint via the last n…