CNNVD-202508-061 Information

CNNVD ID

CNNVD-202508-061

Related CVE

CVE-2025-51502

• CNNVD Published: 2025-08-01

Description (Chinese)

Microweber CMS是Microweber开源的一个拖放式网站构建器。 Microweber CMS 2.0版本存在安全漏洞，该漏洞源于/admin/page/create页面中layout参数存在反射型跨站脚本，可能导致任意JavaScript执行。

Description (English)

Micrower CMS is a drag-and-drop site builder of the Microwerber Open Source. There is a security loophole in version Microweber CMS 2.0, which stems from the fact that the playout parameters in the /admin/page/create page are reflected in cross-site scripts, which may result in the execution of any JavaScript.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Microweber

Published

2025-08-01

Last Modified

2026-02-24

References

https://github.com/progprnv/CVE-Reports/blob/main/CVE-2025-51502 https://github.com/progprnv/CVE-Reports/blob/main/MICROWEBER%20%5BAdmin%20Panel%5D%20Reflected%20XSS%20on%20layout%20parameter.md https://nvd.nist.gov/vuln/detail/CVE-2025-51502 https://access.redhat.com/security/cve/cve-2025-51502