
1374 matches found

Positive Technologies
added 2026/06/15 12:0 a.m. | 18 views

PT-2026-49149

Name of the Vulnerable Software and Affected Versions: Microweber versions prior to 2.0.21. Description: A path traversal issue exists in the API Endpoint component. A remote attacker can manipulate the cache path relative argument within the userfiles path function of the '/api nosession/thumbnail...

7.5 CVSS | 5.4 AI score | 0.00525 EPSS
Exploits 0 | References 9

GithubExploit
added 2026/05/14 8:20 a.m. | 22 views

microweber-vuldb-disclosure-2026

Microweber Security Advisories This repository contains publi...

5.4 AI score
Exploits 0

RedhatCVE
added 2026/02/06 1:26 a.m. | 19 views

CVE-2025-70791

Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The iss...

6.1 CVSS | 6 AI score | 0.0027 EPSS
Exploits 1 | References 1

RedhatCVE
added 2026/02/06 1:26 a.m. | 9 views

CVE-2025-70792

Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "relid" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was...

6.1 CVSS | 6 AI score | 0.0027 EPSS
Exploits 1 | References 1

Snyk
added 2026/02/05 6:30 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: microweber/microweber is a new generation CMS with drag and drop. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the orderDirection parameter in the /admin/order/abandoned endpoint. An attacker can execute arbitrary JavaScript code in the context of an...

6.1 CVSS | 5.5 AI score | 0.0027 EPSS
Exploits 1 | References 2

Snyk
added 2026/02/05 6:30 p.m. | 4 views

Cross-site Scripting (XSS)

Overview: microweber/microweber is a new generation CMS with drag and drop. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the relid parameter in the /admin/category/create endpoint. An attacker can execute arbitrary JavaScript code in the context of an...

6.1 CVSS | 5.5 AI score | 0.0027 EPSS
Exploits 1 | References 2

Github Security Blog
added 2026/02/05 6:30 p.m. | 7 views

Microweber has a Cross-site Scripting vulnerability

Cross-site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The iss...

6.1 CVSS | 6.1 AI score | 0.0027 EPSS
Exploits 1 | References 4 | Affected Software 1

Github Security Blog
added 2026/02/05 6:30 p.m. | 7 views

Microweber Cross-site Scripting vulnerability

There is a Cross-site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "relid" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The...

6.1 CVSS | 6.2 AI score | 0.0027 EPSS
Exploits 1 | References 4 | Affected Software 1

OSV
added 2026/02/05 6:30 p.m. | 6 views

GHSA-6W5W-JX4X-VJVW Microweber Cross-site Scripting vulnerability

There is a Cross-site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "relid" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The...

6.3 CVSS | 6.2 AI score | 0.0027 EPSS
Exploits 1 | References 4

OSV
added 2026/02/05 6:30 p.m. | 6 views

GHSA-5JG5-XQFW-RV92 Microweber has a Cross-site Scripting vulnerability

Cross-site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The iss...

6.3 CVSS | 6.2 AI score | 0.0027 EPSS
Exploits 1 | References 4

NVD
added 2026/02/05 5:16 p.m. | 8 views

CVE-2025-70792

Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "relid" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was...

6.1 CVSS | 0.0027 EPSS
Exploits 1 | References 2

NVD
added 2026/02/05 5:16 p.m. | 6 views

CVE-2025-70791

Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The iss...

6.1 CVSS | 0.0027 EPSS
Exploits 1 | References 2

OSV
added 2026/02/05 5:16 p.m. | 6 views

CVE-2025-70791

Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The iss...

6.1 CVSS | 6.1 AI score
Exploits 0 | References 2

OSV
added 2026/02/05 5:16 p.m. | 7 views

CVE-2025-70792

Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "relid" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was...

6.1 CVSS | 6.1 AI score
Exploits 0 | References 2

CVE
added 2026/02/05 12:0 a.m. | 10 views

CVE-2025-70791

CVE-2025-70791: Microweber 2.0.19 has a Cross-Site Scripting vulnerability in the "/admin/order/abandoned" endpoint. The issue arises from accepting and manipulating the orderDirection parameter in a crafted URL, which can lure a user with admin privileges into visiting it and result in JavaScri...

6.1 CVSS | 6.1 AI score | 0.0027 EPSS
Exploits 1 | References 2 | Affected Software 1

EUVD
added 2026/02/05 12:0 a.m. | 5 views

EUVD-2025-206822

Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The iss...

6.1 CVSS | 6.1 AI score | 0.0027 EPSS
Exploits 1 | References 2

Cvelist
added 2026/02/05 12:0 a.m. | 23 views

CVE-2025-70792

Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "relid" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was...

0.0027 EPSS
Exploits 1 | References 2

Vulnrichment
added 2026/02/05 12:0 a.m. | 3 views

CVE-2025-70791

Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The iss...

6.1 AI score | 0.0027 EPSS
Exploits 1 | References 2

Positive Technologies
added 2026/02/05 12:0 a.m. | 6 views

PT-2026-6596

Name of the Vulnerable Software and Affected Versions: Microweber versions prior to 2.0.20. Description: A Cross Site Scripting issue exists in the /admin/order/abandoned API endpoint of the software. An attacker can manipulate the orderDirection parameter within a crafted URL. By enticing a user wi...

6.1 CVSS | 5.5 AI score | 0.0027 EPSS
Exploits 1 | References 8

CNNVD
added 2026/02/05 12:0 a.m. | 10 views

Microweber Security Vulnerability

Microweber is an open-source online store management system that provides drag-and-drop functionality. This system includes modules for adding products and images. Version 2.0.19 of Microweber has a security vulnerability. This vulnerability stems from the admin/order/abandoned endpoint having...

6.1 CVSS | 5.7 AI score | 0.0027 EPSS
Exploits 1 | References 2