Reflected Cross-Site Scripting (XSS) in the id parameter of the live_edit.module_settings API endpoint in Microweber CMS2.0 allows execution of arbitrary JavaScript.
Metrics
Affected Vendors & Products
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2025-23377 | Microweber has Reflected XSS Vulnerability in the id Parameter |
Github GHSA |
GHSA-8357-fjvx-xrm8 | Microweber has Reflected XSS Vulnerability in the id Parameter |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Tue, 19 Aug 2025 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Microweber
Microweber microweber |
|
| CPEs | cpe:2.3:a:microweber:microweber:2.0.0:*:*:*:*:*:*:* | |
| Vendors & Products |
Microweber
Microweber microweber |
Fri, 01 Aug 2025 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-79 | |
| Metrics |
cvssV3_1
|
Fri, 01 Aug 2025 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Reflected Cross-Site Scripting (XSS) in the id parameter of the live_edit.module_settings API endpoint in Microweber CMS2.0 allows execution of arbitrary JavaScript. | |
| References |
|
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-08-01T17:56:46.842Z
Reserved: 2025-06-16T00:00:00.000Z
Link: CVE-2025-51501
Updated: 2025-08-01T17:56:39.958Z
Status : Analyzed
Published: 2025-08-01T17:15:52.370
Modified: 2025-08-19T15:36:02.763
Link: CVE-2025-51501
No data.
OpenCVE Enrichment
No data.
EUVD
Github GHSA