Microweber is a drag-and-drop website builder and CMS based on the PHP Laravel framework. Microweber is vulnerable to a cross-site scripting vulnerability that stems from a file upload filter that fails to properly validate input parameters, which could be exploited to construct a stored XSS, obtain sensitive user information and construct a phishing email attack.