Lucene search
+L

98 matches found

OSV
OSV
added 2025/07/31 6:32 p.m.5 views

GHSA-782F-GXJ5-XVQC Microweber Has Stored XSS Vulnerability in User Profile Fields

A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...

4.8CVSS5.2AI score0.00467EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/07/31 6:32 p.m.13 views

Microweber Has Stored XSS Vulnerability in User Profile Fields

A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...

7.6CVSS5.3AI score0.00467EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2025/07/31 6:15 p.m.8 views

CVE-2025-51503

A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...

7.6CVSS0.00467EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/07/31 12:0 a.m.7 views

Microweber CMS 安全漏洞

Microweber CMS is a drag-and-drop website builder from Microweber Open Source. A security vulnerability exists in Microweber CMS version 2.0, which stems from a stored cross-site scripting vulnerability that could lead to the execution of arbitrary JavaScript code...

7.6CVSS5.9AI score0.00467EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/07/31 12:0 a.m.13 views

CVE-2025-51503

A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...

0.00467EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/07/31 12:0 a.m.2 views

CVE-2025-51503

A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...

5.4AI score0.00467EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/07/31 12:0 a.m.11 views

PT-2025-31569 · Unknown · Microweber Cms

Name of the Vulnerable Software and Affected Versions: Microweber CMS version 2.0 Description: A stored cross-site scripting XSS vulnerability exists in Microweber CMS 2.0. This allows attackers to inject malicious scripts into user profile fields, resulting in arbitrary JavaScript execution in...

7.6CVSS5.3AI score0.00467EPSS
Exploits0References11
OSV
OSV
added 2025/07/31 12:0 a.m.25 views

CVE-2025-51503

A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...

7.6CVSS5.1AI score0.00467EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/07/04 8:27 p.m.17 views

CVE-2025-34076

An authenticated local file inclusion vulnerability exists in Microweber CMS versions = 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying filesystem. By...

7.2CVSS6.1AI score0.01315EPSS
Exploits2References1
Snyk
Snyk
added 2025/07/02 9:32 p.m.3 views

Directory Traversal

Overview microweber/microweber is a new generation CMS with drag and drop. Affected versions of this package are vulnerable to Directory Traversal via the /api/BackupV2/upload and /api/BackupV2/download endpoints. An attacker can access arbitrary files on the underlying filesystem by supplying...

7.2CVSS7.8AI score0.01315EPSS
Exploits2References2
OSV
OSV
added 2025/07/02 9:32 p.m.8 views

GHSA-J64V-XH5W-8HQJ Microweber CMS API has authenticated local file inclusion vulnerability

An authenticated local file inclusion vulnerability exists in Microweber CMS versions 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying filesystem. By specifyi...

6.1CVSS5.8AI score0.01315EPSS
Exploits2References7
Github Security Blog
Github Security Blog
added 2025/07/02 9:32 p.m.11 views

Microweber CMS API has authenticated local file inclusion vulnerability

An authenticated local file inclusion vulnerability exists in Microweber CMS versions 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying filesystem. By specifyi...

7.2CVSS6.3AI score0.01315EPSS
Exploits2References8Affected Software1
NVD
NVD
added 2025/07/02 8:15 p.m.7 views

CVE-2025-34076

An authenticated local file inclusion vulnerability exists in Microweber CMS versions = 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying filesystem. By...

7.2CVSS0.01315EPSS
Exploits2References6
Vulnrichment
Vulnrichment
added 2025/07/02 7:27 p.m.2 views

CVE-2025-34076 Microweber CMS Authenticated Local File Inclusion via Backup API

An authenticated local file inclusion vulnerability exists in Microweber CMS versions = 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying filesystem. By...

6.1CVSS6.8AI score0.01315EPSS
Exploits2References6
Cvelist
Cvelist
added 2025/07/02 7:27 p.m.12 views

CVE-2025-34076 Microweber CMS Authenticated Local File Inclusion via Backup API

An authenticated local file inclusion vulnerability exists in Microweber CMS versions = 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying filesystem. By...

6.1CVSS0.01315EPSS
Exploits2References6
OSV
OSV
added 2025/07/02 7:27 p.m.6 views

CVE-2025-34076 Microweber CMS Authenticated Local File Inclusion via Backup API

An authenticated local file inclusion vulnerability exists in Microweber CMS versions = 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying filesystem. By...

6.1CVSS6AI score0.01315EPSS
Exploits2References8
CVE
CVE
added 2025/07/02 7:27 p.m.40 views

CVE-2025-34076

CVE-2025-34076 is an authenticated local file inclusion in Microweber CMS (versions ≤ 1.2.11) caused by insecure handling of the backup management API. The vulnerable components are the /api/BackupV2/upload and /api/BackupV2/download endpoints, which allow an absolute file path to be supplied via...

7.2CVSS6.3AI score0.01315EPSS
Exploits2References6Affected Software1
Positive Technologies
Positive Technologies
added 2025/07/02 12:0 a.m.5 views

PT-2025-27668 · Unknown · Microweber Cms

Name of the Vulnerable Software and Affected Versions: Microweber CMS versions = 1.2.11 Description: An authenticated local file inclusion issue exists due to the misuse of the backup management API. Authenticated users can exploit the /api/BackupV2/upload and /api/BackupV2/download endpoints to...

7.2CVSS6AI score0.01315EPSS
Exploits2References12
RedhatCVE
RedhatCVE
added 2025/05/23 2:0 a.m.13 views

CVE-2023-47379

Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting XSS via the profile picture file upload functionality...

5.4CVSS5.8AI score0.0051EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:49 p.m.6 views

CVE-2021-33988

Cross Site Scripting XSS. vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute Javascript by Inserting code in the request form...

6.1CVSS6.7AI score0.01029EPSS
Exploits1References1
Rows per page
Query Builder