PT-2025-2412 · Unknown · Microweber

Mathsabo

Published

2025-01-10

Updated

2025-07-03

CVE-2024-33297

CVSS v4.0

5.5

Medium

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P

Name of the Vulnerable Software and Affected Versions: Microweber versions prior to 2.0.9

Description: The issue allows a remote attacker to execute arbitrary code via the campaign Name (Internal Name) field in the Add new campaign function. This is a Cross Site Scripting vulnerability.

Recommendations: For versions prior to 2.0.9, update to version 2.0.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the Add new campaign function until a patch is available. Avoid using the campaign Name (Internal Name) field in the affected function until the issue is resolved.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-33297

GHSA-J4V9-CM37-H7C2

Affected Products

Microweber

PT-2025-2412 · Unknown · Microweber

CVE-2024-33297

Weakness Enumeration

Related Identifiers

Affected Products

References · 9