GHSA-8357-fjvx-xrm8
Suggest an improvement- Source
- https://github.com/advisories/GHSA-8357-fjvx-xrm8
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/08/GHSA-8357-fjvx-xrm8/GHSA-8357-fjvx-xrm8.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-8357-fjvx-xrm8
- Aliases
-
- CVE-2025-51501
- Published
- 2025-08-01T18:31:18Z
- Modified
- 2025-08-01T21:57:24.702737Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Microweber has Reflected XSS Vulnerability in the id Parameter
- Details
-
Reflected Cross-Site Scripting (XSS) in the id parameter of the liveedit.modulesettings API endpoint in Microweber CMS2.0 allows execution of arbitrary JavaScript.
- Database specific
{ "nvd_published_at": "2025-08-01T17:15:52Z", "github_reviewed": true, "github_reviewed_at": "2025-08-01T21:06:23Z", "severity": "MODERATE", "cwe_ids": [ "CWE-79" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2025-51501
- https://github.com/microweber/microweber
- https://github.com/progprnv/CVE-Reports
- https://github.com/progprnv/CVE-Reports/blob/main/CVE-2025-51501
- https://github.com/progprnv/CVE-Reports/blob/main/MICROWEBER%20%5BAdmin%20Panel%5D%20Reflected%20XSS%20on%20id%20parameter.md
Affected packages
Packagist / microweber/microweber
Package
- Name
- microweber/microweber
- Purl
- pkg:composer/microweber/microweber