PT-2025-31650 · Unknown · Microweber Cms2.0

Progprnv

Published

2025-08-01

Updated

2025-08-01

CVE-2025-51501

Report an issue

CVSS v3.1

6.1

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions:

Microweber CMS2.0

Description:

Reflected Cross-Site Scripting (XSS) exists in the `id` parameter of the `/live edit.module settings` API endpoint, allowing for the execution of arbitrary JavaScript.

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-51501

GHSA-8357-FJVX-XRM8

Affected Products

Microweber Cms2.0

PT-2025-31650 · Unknown · Microweber Cms2.0

Weakness Enumeration

Related Identifiers

Affected Products

References · 9