Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS)in the /projects/profile, homepage endpoint via the last name field.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:LMicroweber
APPMicroweber2.0.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
Related vulnerabilities
CVE-2023-1877CRITICAL9.8ten sam produkt
Command Injection in GitHub repository microweber/microweber prior to 1.3.3.
CVE-2022-0895CRITICAL9.8ten sam produkt
Static Code Injection in GitHub repository microweber/microweber prior to 1.3.
CVE-2020-23138CRITICAL9.8ten sam produkt
An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. An attac...
CVE-2025-60954HIGH8.3ten sam produkt
Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or...
CVE-2025-51503HIGH7.6ten sam produkt
A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious s...