Microweber is a drag-and-drop online store management system from the Microweber community in the United States. The system includes modules for adding products, images, etc. A cross-site scripting vulnerability exists prior to Microweber 1.3, which stems from the program’s lack of checksum filtering of user-supplied data and output data. An attack could exploit the vulnerability to insert malicious html code in blog comments to execute a phishing attack.