1374 matches found
EUVD-2025-206823
Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "relid" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was...
Microweber Security Vulnerability
Microweber is an open-source online store management system that provides drag-and-drop functionality. This system includes modules for adding products and images. Version 2.0.19 of Microweber has a security vulnerability. This vulnerability stems from the /admin/category/create endpoint, which...
CVE-2025-70792
Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "relid" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was...
PT-2026-6597
Name of the Vulnerable Software and Affected Versions: Microweber versions prior to 2.0.20. Description: A Cross-Site Scripting issue exists in the /admin/category/create API endpoint. An attacker can manipulate the rel id parameter within a crafted URL. By enticing a user with administrative...
CVE-2025-70791
Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The iss...
CVE-2025-70791
CVE-2025-70791: Microweber 2.0.19 has a Cross-Site Scripting vulnerability in the "/admin/order/abandoned" endpoint. The issue arises from accepting and manipulating the orderDirection parameter in a crafted URL, which can lure a user with admin privileges into visiting it and result in JavaScri...
CVE-2025-70792
A cross-site scripting vulnerability (CVE-2025-70792) affects Microweber up to version 2.0.19, exposed via the /admin/category/create endpoint. The root cause is unsanitized manipulation of the rel_id parameter in a crafted URL, which can lure an admin-privileged user to visit the page and trigge...
Microweber CMS2.0 - Cross-Site Scripting
Reflected Cross-Site Scripting (XSS) in the id parameter of the liveedit.modulesettings API endpoint in Microweber CMS2.0 allows execution of arbitrary JavaScript. id: CVE-2025-51501 info: name: Microweber CMS2.0 - Cross-Site Scripting author: nukunga severity: medium description: | Reflected...
Microweber CMS 2.0 - Reflected XSS in Admin Page Creation
Reflected Cross-Site Scripting (XSS) exists in Microweber CMS 2.0 through the layout parameter on the /admin/page/create page. It allows arbitrary JavaScript to execute in the context of authenticated admin users. id: CVE-2025-51502 info: name: Microweber CMS 2.0 - Reflected XSS in Admin Page...
Microweber 1.0.8 Reflected Cross Site Scripting
A reflected cross site scripting vulnerability exists in Microweber CMS version 1.0.8. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...
CVE-2023-49052
File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component...
CVE-2022-0698
Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter...
CVE-2024-41381
Microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\settings\admin.php...
CVE-2022-0689
Using the one-time coupon multiple times in Packagist microweber/microweber prior to 1.2.11...
CVE-2022-0762
Incorrect Authorization in GitHub repository microweber/microweber prior to 1.3...
CVE-2022-0906
Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12...
CVE-2022-0928
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12...
CVE-2022-0560
Open Redirect in Packagist microweber/microweber prior to 1.2.11...
CVE-2022-0763
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3...
CVE-2022-0277
Incorrect Permission Assignment for Critical Resource in Packagist microweber/microweber prior to 1.2.11...