98 matches found
GHSA-782F-GXJ5-XVQC Microweber Has Stored XSS Vulnerability in User Profile Fields
A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...
Microweber Has Stored XSS Vulnerability in User Profile Fields
A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...
CVE-2025-51503
A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...
Microweber CMS 安全漏洞
Microweber CMS is a drag-and-drop website builder from Microweber Open Source. A security vulnerability exists in Microweber CMS version 2.0, which stems from a stored cross-site scripting vulnerability that could lead to the execution of arbitrary JavaScript code...
CVE-2025-51503
A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...
CVE-2025-51503
A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...
PT-2025-31569 · Unknown · Microweber Cms
Name of the Vulnerable Software and Affected Versions: Microweber CMS version 2.0 Description: A stored cross-site scripting XSS vulnerability exists in Microweber CMS 2.0. This allows attackers to inject malicious scripts into user profile fields, resulting in arbitrary JavaScript execution in...
CVE-2025-51503
A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...
CVE-2025-34076
An authenticated local file inclusion vulnerability exists in Microweber CMS versions = 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying filesystem. By...
Directory Traversal
Overview microweber/microweber is a new generation CMS with drag and drop. Affected versions of this package are vulnerable to Directory Traversal via the /api/BackupV2/upload and /api/BackupV2/download endpoints. An attacker can access arbitrary files on the underlying filesystem by supplying...
GHSA-J64V-XH5W-8HQJ Microweber CMS API has authenticated local file inclusion vulnerability
An authenticated local file inclusion vulnerability exists in Microweber CMS versions 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying filesystem. By specifyi...
Microweber CMS API has authenticated local file inclusion vulnerability
An authenticated local file inclusion vulnerability exists in Microweber CMS versions 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying filesystem. By specifyi...
CVE-2025-34076
An authenticated local file inclusion vulnerability exists in Microweber CMS versions = 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying filesystem. By...
CVE-2025-34076 Microweber CMS Authenticated Local File Inclusion via Backup API
An authenticated local file inclusion vulnerability exists in Microweber CMS versions = 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying filesystem. By...
CVE-2025-34076 Microweber CMS Authenticated Local File Inclusion via Backup API
An authenticated local file inclusion vulnerability exists in Microweber CMS versions = 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying filesystem. By...
CVE-2025-34076 Microweber CMS Authenticated Local File Inclusion via Backup API
An authenticated local file inclusion vulnerability exists in Microweber CMS versions = 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying filesystem. By...
CVE-2025-34076
CVE-2025-34076 is an authenticated local file inclusion in Microweber CMS (versions ≤ 1.2.11) caused by insecure handling of the backup management API. The vulnerable components are the /api/BackupV2/upload and /api/BackupV2/download endpoints, which allow an absolute file path to be supplied via...
PT-2025-27668 · Unknown · Microweber Cms
Name of the Vulnerable Software and Affected Versions: Microweber CMS versions = 1.2.11 Description: An authenticated local file inclusion issue exists due to the misuse of the backup management API. Authenticated users can exploit the /api/BackupV2/upload and /api/BackupV2/download endpoints to...
CVE-2023-47379
Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting XSS via the profile picture file upload functionality...
CVE-2021-33988
Cross Site Scripting XSS. vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute Javascript by Inserting code in the request form...