CVE-2025-51502

Reflected Cross-Site Scripting XSS in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users...

CVE-2025-51503

A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...

CVE-2025-24854

A carefully crafted request using the Image plugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.3 or later...

GHSA-8357-FJVX-XRM8 Microweber has Reflected XSS Vulnerability in the id Parameter

Reflected Cross-Site Scripting XSS in the id parameter of the liveedit.modulesettings API endpoint in Microweber CMS2.0 allows execution of arbitrary JavaScript...

GHSA-MVJ3-HC7J-VP74 Microweber has Reflected XSS Vulnerability in the layout Parameter

Reflected Cross-Site Scripting XSS in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users...

Cross-site Scripting (XSS)

Overview microweber/microweber is a new generation CMS with drag and drop. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the id parameter in the liveedit.modulesettings API endpoint. An attacker can execute arbitrary JavaScript in the context of a user's browser...

Cross-site Scripting (XSS)

Overview microweber/microweber is a new generation CMS with drag and drop. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the layout parameter on the /admin/page/create page. An attacker can execute arbitrary JavaScript in the context of authenticated admin users...

Microweber has Reflected XSS Vulnerability in the layout Parameter

Reflected Cross-Site Scripting XSS in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users...

CVE-2025-51502

Reflected Cross-Site Scripting XSS in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users...

Cross-site Scripting (XSS)

Overview markdown2 is a fast and complete Python implementation of Markdown. Affected versions of this package are vulnerable to Cross-site Scripting XSS in safemode due to improper handling of incomplete HTML tags. The encodeincompletetags function fails to properly check for auto links, allowin...

CVE-2024-45515

An issue was discovered in Zimbra Collaboration ZCS through 10.1. A Cross-Site Scripting XSS vulnerability exists in Zimbra webmail due to insufficient validation of the content type metadata when importing files into the briefcase. Attackers can exploit this issue by crafting a file with...

PT-2025-31651 · Unknown · Microweber Cms

Name of the Vulnerable Software and Affected Versions: Microweber CMS version 2.0 Description: This issue involves a reflected Cross-Site Scripting XSS vulnerability. It allows arbitrary JavaScript execution within the context of authenticated administrator users through manipulation of the layou...

CVE-2025-51501

CVE-2025-51501 : Microweber CMS 2.0 is affected by a Reflected XSS in the id parameter of the live_edit.module_settings API endpoint. The vulnerability allows an authenticated attacker to inject and execute arbitrary JavaScript in a victim’s browser via the id parameter, with impact described as ...

CVE-2025-51502

Reflected Cross-Site Scripting XSS in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users...

CVE-2025-51502

Reflected Cross-Site Scripting XSS in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users...

CVE-2025-51501

Reflected Cross-Site Scripting XSS in the id parameter of the liveedit.modulesettings API endpoint in Microweber CMS2.0 allows execution of arbitrary JavaScript...

PT-2025-31650 · Unknown · Microweber Cms2.0

Name of the Vulnerable Software and Affected Versions: Microweber CMS2.0 Description: Reflected Cross-Site Scripting XSS in the id parameter of the /live edit.module settings API endpoint allows execution of arbitrary JavaScript. Recommendations: At the moment, there is no information about a new...

GHSA-782F-GXJ5-XVQC Microweber Has Stored XSS Vulnerability in User Profile Fields

A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...

Microweber Has Stored XSS Vulnerability in User Profile Fields

A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...

CVE-2025-51503

A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...