CVE-2024-33299

Name of the Vulnerable Software and Affected Versions: Microweber version 2.0.9 Microweber versions prior to 2.0.9

Description: A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the First Name and Last Name parameters in the endpoint "/admin/module/view?type=users". This enables the attacker to inject malicious scripts into the website, potentially leading to unauthorized access or data theft.

Recommendations: For Microweber version 2.0.9, update to a version that fixes this issue. For Microweber versions prior to 2.0.9, update to a version that fixes this issue. As a temporary workaround, consider restricting access to the "/admin/module/view?type=users" endpoint until a patch is available. Avoid using the First Name and Last Name parameters in the affected endpoint until the issue is resolved.