CVE-2024-40101 Information

Description

A Reflected Cross-site scripting (XSS) vulnerability exists in ‘/search’ in microweber 2.0.15 and earlier allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the ‘keywords’ parameter.

Reference

http://microweber.com https://seclists.org/fulldisclosure/2024/Aug/1 https://github.com/microweber/microweber/commit/0dede6886c6df3d1f31c4f4e3ba1ab4a336fbf79