98 matches found
Cross-site Scripting (XSS)
Overview: microweber/microweber is a new generation CMS with drag and drop. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the orderDirection parameter in the /admin/order/abandoned endpoint. An attacker can execute arbitrary JavaScript code in the context of an...
Cross-site Scripting (XSS)
Overview: microweber/microweber is a new generation CMS with drag and drop. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the relid parameter in the /admin/category/create endpoint. An attacker can execute arbitrary JavaScript code in the context of an...
CVE-2025-60954
Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including administrative accounts...
Microweber CMS Security Vulnerability
Microweber CMS is a drag-and-drop website builder from Microweber Open Source. A security vulnerability exists in version 2.0 of Microweber CMS, which stems from lax password requirements and could lead to account cracking...
Weak Password Requirements
Overview: microweber/microweber is a new generation CMS with drag and drop. Affected versions of this package are vulnerable to Weak Password Requirements in the password reset process. An attacker can gain unauthorized access to user or administrative accounts using weak passwords that are easily...
PT-2025-43670
Name of the Vulnerable Software and Affected Versions: Microweber CMS version 2.0. Description: The application does not enforce minimum password length or complexity during password resets. This allows users to set weak passwords, including single-character passwords, potentially leading to account...
EUVD-2014-9283
Malware in sbrugna...
EUVD-2021-2263
Malware in sbrugna...
EUVD-2025-23298
Malicious code in bioql PyPI...
EUVD-2025-19754
Malicious code in bioql PyPI...
EUVD-2025-23377
Malicious code in bioql PyPI...
EUVD-2025-23365
Malicious code in bioql PyPI...
EUVD-2023-2992
Malicious code in bioql PyPI...
EUVD-2025-23376
Malicious code in bioql PyPI...
CVE-2025-51504
Microweber CMS 2.0 is vulnerable to Cross Site Scripting XSS in the /projects/profile, homepage endpoint via the last name field...
CVE-2025-51501
Reflected Cross-Site Scripting XSS in the id parameter of the liveedit.modulesettings API endpoint in Microweber CMS 2.0 allows execution of arbitrary JavaScript...
CVE-2025-51502
Reflected Cross-Site Scripting XSS in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users...
CVE-2025-51503
A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...
GHSA-2X2J-3C2V-G3C2 Microweber XSS Vulnerability in the homepage Endpoint
Microweber CMS 2.0 is vulnerable to Cross Site Scripting XSS in the /projects/profile, homepage endpoint via the last name field...
Cross-site Scripting (XSS)
Overview: microweber/microweber is a new generation CMS with drag and drop. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the id parameter in the liveedit.modulesettings API endpoint. An attacker can execute arbitrary JavaScript in the context of a user's browser...