CVE-2025-51502

Name of the Vulnerable Software and Affected Versions Microweber CMS version 2.0

Description The application suffers from a reflected Cross-Site Scripting (XSS) issue. This allows arbitrary JavaScript execution in the context of authenticated admin users through the layout parameter on the /admin/page/create page.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.