6 matches found
CVE-2025-60954
Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including administrative accounts...
Cross-site Scripting (XSS)
microweber/microweber is vulnerable to cross-site scripting (XSS). The vulnerability is caused by improper input validation of the last name field in the /projects/profile homepage endpoint, which allows injection of malicious scripts...
CVE-2025-51501
Reflected Cross-Site Scripting (XSS) in the id parameter of the liveedit.modulesettings API endpoint in Microweber CMS 2.0 allows execution of arbitrary JavaScript...
CVE-2023-2014
Cross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to 1.3.3...
CVE-2022-0638
Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11...
CVE-2022-0954
Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to 1.2.11...