GHSA-mvj3-hc7j-vp74
Suggest an improvement- Source
- https://github.com/advisories/GHSA-mvj3-hc7j-vp74
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/08/GHSA-mvj3-hc7j-vp74/GHSA-mvj3-hc7j-vp74.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-mvj3-hc7j-vp74
- Aliases
-
- CVE-2025-51502
- Published
- 2025-08-01T18:31:18Z
- Modified
- 2025-08-01T22:12:20.509263Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Microweber has Reflected XSS Vulnerability in the layout Parameter
- Details
-
Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users.
- Database specific
{ "github_reviewed": true, "nvd_published_at": "2025-08-01T17:15:52Z", "github_reviewed_at": "2025-08-01T21:06:43Z", "severity": "MODERATE", "cwe_ids": [ "CWE-79" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2025-51502
- https://github.com/microweber/microweber
- https://github.com/progprnv/CVE-Reports
- https://github.com/progprnv/CVE-Reports/blob/main/CVE-2025-51502
- https://github.com/progprnv/CVE-Reports/blob/main/MICROWEBER%20%5BAdmin%20Panel%5D%20Reflected%20XSS%20on%20layout%20parameter.md
Affected packages
Packagist / microweber/microweber
Package
- Name
- microweber/microweber
- Purl
- pkg:composer/microweber/microweber