HIGHπŸ‡΅πŸ‡± Wersja polska

CVE-2025-51503

CVSS 7.6v3.1pub. 2025-07-31upd. 2025-08-06

A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
  • Microweber

    APP
    Microweber
    2.0.0
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2023-1877CRITICAL9.8ten sam produkt

Command Injection in GitHub repository microweber/microweber prior to 1.3.3.

CVE-2022-0895CRITICAL9.8ten sam produkt

Static Code Injection in GitHub repository microweber/microweber prior to 1.3.

CVE-2020-23138CRITICAL9.8ten sam produkt

An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. An attac...

CVE-2025-60954HIGH8.3ten sam produkt

Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or...

CVE-2025-51504HIGH7.6ten sam produkt

Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS)in the /projects/profile, homepage endpoint via ...

CVE-2025-51503 β€” Microweber β€” HIGH β€” CVSS 7.6 | CVEbaza.pl