PT-2025-50743 · Unknown · Microweber

Tmrswrr · Published 2025-12-11 · Updated 2025-12-12 · CVE-2024-58289

CVSS v3.1: 5.4 Medium
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Microweber version 2.0.15

Description: The software contains a stored cross-site scripting issue that allows authenticated attackers to inject malicious scripts into user profile fields. Specifically, attackers can input script payloads into the first name field. This script will execute when a user profile is viewed, potentially leading to session cookie theft and arbitrary JavaScript execution.

Recommendations: Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize all user-supplied input for the first name field in user profiles.
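
One way to apply the temporary workaround, shown as an added example that is not Microweber's code or its fix: validate the first name on input and HTML-encode it wherever it is rendered. The function names, the 64-character limit and the allowed character set are assumptions, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helpers, not Microweber functions.

/**
 * Input-side check (assumed policy): letters, combining marks, spaces, dots,
 * apostrophes and hyphens, at most 64 characters. Returns the trimmed name,
 * or null when the value must be rejected.
 */
function validate_first_name(string $raw): ?string
{
    $name = trim($raw);
    if ($name === '' || mb_strlen($name, 'UTF-8') > 64) {
        return null;
    }
    // \p{L} = any letter, \p{M} = combining mark; /u also rejects invalid UTF-8.
    if (preg_match('/^[\p{L}\p{M}][\p{L}\p{M} .\'\-]*$/u', $name) !== 1) {
        return null;
    }
    return $name;
}

/** Output-side encoding for HTML text and quoted-attribute contexts. */
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs; the last one stands in for a script payload.
$samples = ['Anne-Marie', "O'Brien", 'José', '<script>alert(1)</script>'];

foreach ($samples as $input) {
    $accepted = validate_first_name($input);
    // Escape at render time even for rejected or already-stored values, so
    // records saved before the check existed cannot execute in the profile view.
    printf(
        "%-8s stored=%s rendered=%s\n",
        $accepted === null ? 'REJECT' : 'ACCEPT',
        var_export($accepted, true),
        html_escape($input)
    );
}
```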

Exploit · Fix · XSS

Weakness Enumeration

Related Identifiers: CVE-2024-58289

Affected Products: Microweber