CNNVD-202512-2065 Information
CNNVD ID
CNNVD-202512-2065
Related CVE
- CNNVD Published: 2025-12-11
Description (Chinese)
Microweber是Microweber开源的一套可提供拖拽功能的网上商店管理系统。该系统包括添加商品、图片等模块。 Microweber 2.0.15版本存在跨站脚本漏洞,该漏洞源于用户个人资料字段存在存储型跨站脚本,可能导致执行任意JavaScript。
Description (English)
Microweber is an open source of Microroweber ’ s web-based store management system, which provides drag and drag functions. The system includes modules such as additions to commodities, pictures, etc. Microweber 2.0.15 has a cross-site script loophole, which stems from the existence of a storage-type cross-site script in the user ’ s personal data field, which may result in the execution of any JavaScript.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
Microweber
Published
2025-12-11
Last Modified
2026-02-24
References
https://github.com/microweber/microweber https://microweber.me/ https://www.exploit-db.com/exploits/52058 https://www.vulncheck.com/advisories/microweber-stored-cross-site-scripting-via-user-profile-fields
Patch
https://github.com/microweber/microweber/releases
Share on: