5930 matches found
GHSA-MVJ3-HC7J-VP74 Microweber has Reflected XSS Vulnerability in the layout Parameter
Reflected Cross-Site Scripting XSS in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users...
Cross-site Scripting (XSS)
Overview microweber/microweber is a new generation CMS with drag and drop. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the layout parameter on the /admin/page/create page. An attacker can execute arbitrary JavaScript in the context of authenticated admin users...
Microweber has Reflected XSS Vulnerability in the layout Parameter
Reflected Cross-Site Scripting XSS in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users...
CVE-2025-51502
Reflected Cross-Site Scripting XSS in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users...
Cross-site Scripting (XSS)
Overview markdown2 is a fast and complete Python implementation of Markdown. Affected versions of this package are vulnerable to Cross-site Scripting XSS in safemode due to improper handling of incomplete HTML tags. The encodeincompletetags function fails to properly check for auto links, allowin...
CVE-2024-45515
An issue was discovered in Zimbra Collaboration ZCS through 10.1. A Cross-Site Scripting XSS vulnerability exists in Zimbra webmail due to insufficient validation of the content type metadata when importing files into the briefcase. Attackers can exploit this issue by crafting a file with...
PT-2025-31651 · Unknown · Microweber Cms
Name of the Vulnerable Software and Affected Versions: Microweber CMS version 2.0 Description: This issue involves a reflected Cross-Site Scripting XSS vulnerability. It allows arbitrary JavaScript execution within the context of authenticated administrator users through manipulation of the layou...
CVE-2025-51502
Reflected Cross-Site Scripting XSS in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users...
CVE-2025-51501
CVE-2025-51501 : Microweber CMS 2.0 is affected by a Reflected XSS in the id parameter of the live_edit.module_settings API endpoint. The vulnerability allows an authenticated attacker to inject and execute arbitrary JavaScript in a victim’s browser via the id parameter, with impact described as ...
CVE-2025-51502
Reflected Cross-Site Scripting XSS in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users...
PT-2025-31650 · Unknown · Microweber Cms2.0
Name of the Vulnerable Software and Affected Versions: Microweber CMS2.0 Description: Reflected Cross-Site Scripting XSS in the id parameter of the /live edit.module settings API endpoint allows execution of arbitrary JavaScript. Recommendations: At the moment, there is no information about a new...
CVE-2025-51501
Reflected Cross-Site Scripting XSS in the id parameter of the liveedit.modulesettings API endpoint in Microweber CMS2.0 allows execution of arbitrary JavaScript...
GHSA-782F-GXJ5-XVQC Microweber Has Stored XSS Vulnerability in User Profile Fields
A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...
Microweber Has Stored XSS Vulnerability in User Profile Fields
A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...
CVE-2025-51503
A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...
CVE-2025-51503
A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the filter parameter in the recent uploads page. An attacker can execute arbitrary JavaScript code in the context of a user's browser by crafting a malicious URL containing a specially crafted filter value...
CVE-2025-40685
Reflected Cross-Site Scripting XSS in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searcstate' parameter in/state.php...
CVE-2025-40686
Reflected Cross-Site Scripting XSS in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'employeeid' parameter in/detailview.php...
CVE-2025-40684
Reflected Cross-Site Scripting XSS in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searccountry' parameter in/country.php...