CVE-2025-70791

Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The iss...

GHSA-HCGH-R5GQ-6QC2 Microweber vulnerable to XSS attack due to insure `group` component in its Settings handler

A vulnerability was found in Microweber 2.0.19. It has been rated as problematic. This issue affects some unknown processing of the file userfiles/modules/settings/group/websitegroup/index.php of the component Settings Handler. The manipulation of the argument group leads to cross site scripting...

CVE-2025-2214

A vulnerability was found in Microweber 2.0.19. It has been rated as problematic. This issue affects some unknown processing of the file userfiles/modules/settings/group/websitegroup/index.php of the component Settings Handler. The manipulation of the argument group leads to cross site scripting...

CVE-2025-2214

CVE-2025-2214 affects Microweber 2.0.19. The vulnerability is an XSS in the Settings Handler, triggered by manipulating the group argument in the file path userfiles/modules/settings/group/website_group/index.php. It can be exploited remotely and the public PoC has been disclosed. No fixed versio...