CNNVD-202508-058 Information

CNNVD ID

CNNVD-202508-058

Related CVE

CVE-2025-51501

• CNNVD Published: 2025-08-01

Description (Chinese)

Microweber CMS是Microweber开源的一个拖放式网站构建器。 Microweber CMS 2.0版本存在安全漏洞，该漏洞源于live_edit.module_settings API端点中id参数存在反射型跨站脚本，可能导致任意JavaScript执行。

Description (English)

Micrower CMS is a drag-and-drop site builder of the Microwerber Open Source. There is a security loophole in Microweber CMS 2.0, which stems from the reflective cross-site script of the id parameters in the Live edit.module settings API endpoint, which may result in the implementation of any JavaScript.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Microweber

Published

2025-08-01

Last Modified

2026-02-24

References

https://github.com/progprnv/CVE-Reports/blob/main/MICROWEBER%20%5BAdmin%20Panel%5D%20Reflected%20XSS%20on%20id%20parameter.md https://github.com/progprnv/CVE-Reports/blob/main/CVE-2025-51501 https://access.redhat.com/security/cve/cve-2025-51501 https://nvd.nist.gov/vuln/detail/CVE-2025-51501