Microweber prior to 1.2.21 is vulnerable to reflected cross-site scripting (XSS).
microweber/microweber