CVE-2025-70792

Name of the Vulnerable Software and Affected Versions Microweber versions prior to 2.0.20

Description A Cross-Site Scripting issue exists in the /admin/category/create API endpoint. An attacker can manipulate the rel id parameter within a crafted URL. By enticing a user with administrative privileges to visit the malicious URL, the attacker can execute JavaScript code in the victim's browser.

Recommendations Update to version 2.0.20 or later.