CVE-2025-70791
- EPSS 0.04%
- Published 05.02.2026 17:16:13
- Last modified 10.02.2026 18:56:17
Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript ...
CVE-2025-70792
- EPSS 0.04%
- Published 05.02.2026 17:16:13
- Last modified 10.02.2026 18:54:33
Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "rel_id" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code exe...
CVE-2024-58289
- EPSS 0.05%
- Published 11.12.2025 21:34:21
- Last modified 12.01.2026 16:15:36
Microweber 2.0.15 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts into user profile fields. Attackers can input script payloads in the first name field that will execute when the pr...
CVE-2025-60954
- EPSS 0.09%
- Published 24.10.2025 00:00:00
- Last modified 28.10.2025 14:22:52
Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account ...
CVE-2025-51501
- EPSS 0.14%
- Published 01.08.2025 00:00:00
- Last modified 19.08.2025 15:36:02
Reflected Cross-Site Scripting (XSS) in the id parameter of the live_edit.module_settings API endpoint in Microweber CMS 2.0 allows execution of arbitrary JavaScript.
CVE-2025-51502
- EPSS 0.12%
- Published 01.08.2025 00:00:00
- Last modified 19.08.2025 15:33:25
Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users.
CVE-2025-51504
- EPSS 0.07%
- Published 01.08.2025 00:00:00
- Last modified 19.08.2025 15:33:07
Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS) in the /projects/profile, homepage endpoint via the last name field.
CVE-2025-51503
- EPSS 0.11%
- Published 31.07.2025 00:00:00
- Last modified 06.08.2025 16:21:09
A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers.
CVE-2025-34076
- EPSS 21.32%
- Published 02.07.2025 19:27:03
- Last modified 20.08.2025 03:05:09
An authenticated local file inclusion vulnerability exists in Microweber CMS versions <= 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary...
CVE-2025-2214
- EPSS 0.09%
- Published 11.03.2025 23:31:04
- Last modified 09.07.2025 17:06:31
A vulnerability was found in Microweber 2.0.19. It has been rated as problematic. This issue affects some unknown processing of the file userfiles/modules/settings/group/website_group/index.php of the component Settings Handler. The manipulation of t...