EUVD-2025-199493

Malicious code in @livecms/nuxt-live-edit npm...

Malicious code in @livecms/live-edit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c7809db8bb669af7eb4bdecf71a153df39183ffffcccedc22eb5a123491bfd9 The package @livecms/live-edit was found to contain malicious code. Source: google-open-source-security...

EUVD-2025-199494

Malicious code in @livecms/live-edit npm...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

Cross-site Scripting (XSS)

microweber/microweber is vulnerable to Cross-site Scripting XSS. The vulnerability is due to the id parameter in the liveedit.modulesettings API endpoint allowing arbitrary JavaScript execution...

Cross-site Scripting (XSS)

Overview microweber/microweber is a new generation CMS with drag and drop. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the id parameter in the liveedit.modulesettings API endpoint. An attacker can execute arbitrary JavaScript in the context of a user's browser...

Microweber CMS 安全漏洞

Microweber CMS is a drag-and-drop website builder from Microweber Open Source. A security vulnerability exists in Microweber CMS version 2.0, which stems from reflective cross-site scripting in the id parameter in the liveedit.modulesettings API endpoint, which could lead to arbitrary JavaScript...

xss in live edit

Description when you make website and login as admin if u add user as admin he maybe evil admin n live edit https://demoxss.microweber.net/?editmode=y i start edit as html i see i can write script but didnt pass when u open site as end user then i just try add html tag with events but the sam...

HTML Injection vulnerability in create tag functionality

Vulnerability Details In the Microweber CMS, While doing a live edit on to the application, we have the option to create a new global tag in the application. While creating a global tag, the "Tag Name" input field doesn't properly get sanitized and it's vulnerable to HTML Injection vulnerability...

Cross-site Scripting (XSS) - Stored in microweber/microweber

Description There is a reflected XSS in creating and searching tag function . where any user can execute any malicious code results in the cookie stealing or Account takeover vulnerability Steps to Produce: Go to this particular URL URL Click on live edit , Now In the tag section and select the...