HIGH🇬🇧 English

CVE-2025-51503

CVSS 7.6v3.1pub. 2025-07-31upd. 2025-08-06

A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
  • Microweber

    APP
    Microweber
    2.0.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2023-1877CRITICAL9.8ten sam produkt

Command Injection in GitHub repository microweber/microweber prior to 1.3.3.

CVE-2022-0895CRITICAL9.8ten sam produkt

Static Code Injection in GitHub repository microweber/microweber prior to 1.3.

CVE-2020-23138CRITICAL9.8ten sam produkt

An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. An attac...

CVE-2025-60954HIGH8.3ten sam produkt

Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or...

CVE-2025-51504HIGH7.6ten sam produkt

Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS)in the /projects/profile, homepage endpoint via ...