Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 19 Aug 2025 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Microweber microweber
CPEs cpe:2.3:a:microweber:microweber:2.0.0:*:*:*:*:*:*:*
Vendors & Products Microweber microweber

Tue, 12 Aug 2025 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Microweber
Microweber cms
Vendors & Products Microweber
Microweber cms

Fri, 01 Aug 2025 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-79
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 01 Aug 2025 16:45:00 +0000

Type Values Removed Values Added
Description Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-08-01T18:01:25.783Z

Reserved: 2025-06-16T00:00:00.000Z

Link: CVE-2025-51502

cve-icon Vulnrichment

Updated: 2025-08-01T18:01:13.390Z

cve-icon NVD

Status : Analyzed

Published: 2025-08-01T17:15:52.500

Modified: 2025-08-19T15:33:25.670

Link: CVE-2025-51502

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-12T12:05:48Z