microweber

Top products

The 15 most recently published vulnerabilities affecting microweber.

• CVE-2025-70792Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "rel_id" parameter in a crafted URL and lure a user with admin privi...6.1Feb 5, 2026
• CVE-2025-70791Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with adm...6.1Feb 5, 2026
• CVE-2024-58289Microweber 2.0.15 Stored Cross-Site Scripting via User Profile Fields5.4Dec 11, 2025
• CVE-2025-60954Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including s...8.3Oct 24, 2025
• CVE-2025-51504Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS)in the /projects/profile, homepage endpoint via the last name field.7.6Aug 1, 2025
• CVE-2025-51502Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users.6.1Aug 1, 2025
• CVE-2025-51501Reflected Cross-Site Scripting (XSS) in the id parameter of the live_edit.module_settings API endpoint in Microweber CMS2.0 allows execution of arbitrary JavaScript.6.1Aug 1, 2025
• CVE-2025-51503A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin bro...7.6Jul 31, 2025
• CVE-2025-34076Microweber CMS Authenticated Local File Inclusion via Backup API7.2Jul 2, 2025
• CVE-2025-2214Microweber Settings index.php cross site scripting3.5Mar 11, 2025
• CVE-2024-33299Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the First Name and Last Name parameters in the endpoint /admin/module/view?type=users4.7Jan 10, 2025
• CVE-2024-33298Microweber Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the create new backup function in the endpoint /admin/module/view?type=adm...6.1Jan 10, 2025
• CVE-2024-33297Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the campaign Name (Internal Name) field in the Add new campaign function4.7Jan 10, 2025
• CVE-2024-40101A Reflected Cross-site scripting (XSS) vulnerability exists in '/search' in microweber 2.0.15 and earlier allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the 'k...6.1Aug 6, 2024
• CVE-2024-41381microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\settings\admin.php.6.1Aug 5, 2024