10 matches found

RedhatCVE
added 2026/02/06 1:26 a.m. | 19 views

CVE-2025-70791

Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The iss...

6.1 CVSS | 6 AI score | 0.0027 EPSS
Exploits: 1 | References: 1

Snyk
added 2026/02/05 6:30 p.m. | 3 views

Cross-site Scripting (XSS)

Overview microweber/microweber is a new generation CMS with drag and drop. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the orderDirection parameter in the /admin/order/abandoned endpoint. An attacker can execute arbitrary JavaScript code in the context of an...

6.1 CVSS | 5.5 AI score | 0.0027 EPSS
Exploits: 1 | References: 2

NVD
added 2026/02/05 5:16 p.m. | 7 views

CVE-2025-70791

Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The iss...

6.1 CVSS | 0.0027 EPSS
Exploits: 1 | References: 2

Vulnrichment
added 2026/02/05 12:00 a.m. | 3 views

CVE-2025-70791

Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The iss...

6.1 AI score | 0.0027 EPSS
Exploits: 1 | References: 2

Positive Technologies
added 2026/02/05 12:00 a.m. | 6 views

PT-2026-6596

Name of the Vulnerable Software and Affected Versions: Microweber versions prior to 2.0.20. Description: A Cross Site Scripting issue exists in the /admin/order/abandoned API endpoint of the software. An attacker can manipulate the orderDirection parameter within a crafted URL. By enticing a user wi...

6.1 CVSS | 5.5 AI score | 0.0027 EPSS
Exploits: 1 | References: 8

CVE
added 2026/02/05 12:00 a.m. | 10 views

CVE-2025-70791

CVE-2025-70791 : Microweber 2.0.19 has a Cross-Site Scripting vulnerability in the "/admin/order/abandoned" endpoint. The issue arises from accepting and manipulating the orderDirection parameter in a crafted URL, which can lure a user with admin privileges into visiting it and result in JavaScri...

6.1 CVSS | 6.1 AI score | 0.0027 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Patchstack
added 2024/04/03 7:21 a.m. | 8 views

WordPress WooCommerce Cart Abandonment Recovery plugin < 1.2.27 - Templates/Abandoned Orders Deletion via CSRF vulnerability

Templates/Abandoned Orders Deletion via CSRF vulnerability discovered by Erwan LR WPScan in WordPress Plugin WooCommerce Cart Abandonment Recovery versions 1.2.27...

6.8 CVSS | 7 AI score | 0.00353 EPSS
Exploits: 2 | References: 1 | Affected Software: 1

OSV
added 2024/04/03 5:15 a.m. | 2 views

CVE-2024-2322

The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2.27 does not have a CSRF check in its bulk actions, which could allow attackers to make logged-in admins delete arbitrary email templates as well as delete and unsubscribe users from abandoned orders via CSRF attacks...

6.8 CVSS | 5.9 AI score | 0.00353 EPSS
Exploits: 2 | References: 1

Vulnrichment
added 2024/04/03 5:00 a.m. | 17 views

CVE-2024-2322 WooCommerce Cart Abandonment Recovery < 1.2.27 - Templates/Abandoned Orders Deletion via CSRF

The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2.27 does not have a CSRF check in its bulk actions, which could allow attackers to make logged-in admins delete arbitrary email templates as well as delete and unsubscribe users from abandoned orders via CSRF attacks...

6.9 AI score | 0.00353 EPSS
Exploits: 2 | References: 1

Cvelist
added 2024/04/03 5:00 a.m. | 36 views

CVE-2024-2322 WooCommerce Cart Abandonment Recovery < 1.2.27 - Templates/Abandoned Orders Deletion via CSRF

The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2.27 does not have a CSRF check in its bulk actions, which could allow attackers to make logged-in admins delete arbitrary email templates as well as delete and unsubscribe users from abandoned orders via CSRF attacks...

6.8 AI score | 0.00353 EPSS
Exploits: 2 | References: 1