CVE-2024-58289

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-58289
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-58289.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-58289
Published
2025-12-11T22:15:49.557Z
Modified
2026-03-12T17:13:39.798360Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Microweber 2.0.15 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts into user profile fields. Attackers can input script payloads in the first name field that will execute when the profile is viewed by other users, potentially stealing session cookies and executing arbitrary JavaScript.

References

Affected packages

Git / github.com/microweber/microweber

Affected ranges

Type
GIT
Repo
https://github.com/microweber/microweber
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
fd1d665c77dccf32163f4ed4cfa447d6fb74b3b8
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.15"
        }
    ]
}

Affected versions

1.*
1.0.3
1.0.5-fix1
1.0.6
1.0.7
1.0.7-fix1
1.1
1.2.9
v1.*
v1.2.10
v1.2.11
v1.2.12
v1.2.13
v1.2.14
v1.2.15
v1.2.16
v1.2.17
v1.2.18
v1.2.19
v1.2.20
v1.2.21
v1.2.3
v1.2.4
v1.2.5
v1.2.6
v1.2.7
v1.2.8
v1.2.9
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v2.*
v2.0.0
v2.0.1
v2.0.10
v2.0.11
v2.0.12
v2.0.13
v2.0.14
v2.0.15
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.0.8
v2.0.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-58289.json"