CVE-2024-33298

Name of the Vulnerable Software and Affected Versions: Microweber versions prior to 2.0.9

Description: The issue allows a remote attacker to execute arbitrary code via the create new backup function in the endpoint "/admin/module/view?type=admin backup", exploiting a Stored Cross Site Scripting (XSS) issue.

Recommendations: For versions prior to 2.0.9, update to version 2.0.9 or later to resolve the issue. As a temporary workaround, consider disabling the create new backup function in the endpoint "/admin/module/view?type=admin backup" until a patch is available. Restrict access to the endpoint "/admin/module/view?type=admin backup" to minimize the risk of exploitation.