progprnv/CVE-Reports

Releases0

Stars5

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-60954 ↗	Oct 24, 2025Friday, 24 October 2025, 21:16	8.3 HIGH	—
Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including administrative accounts.
CVE-2025-51501 ↗	Aug 1, 2025Friday, 1 August 2025, 17:15	6.1 MEDIUM	—
Reflected Cross-Site Scripting (XSS) in the id parameter of the live_edit.module_settings API endpoint in Microweber CMS2.0 allows execution of arbitrary JavaScript.
CVE-2025-51502 ↗	Aug 1, 2025Friday, 1 August 2025, 17:15	6.1 MEDIUM	—
Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users.
CVE-2025-51504 ↗	Aug 1, 2025Friday, 1 August 2025, 17:15	7.6 HIGH	—
Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS)in the /projects/profile, homepage endpoint via the last name field.
CVE-2025-51503 ↗	Jul 31, 2025Thursday, 31 July 2025, 18:15	7.6 HIGH	—
A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers.