Microweber is a drag and drop website builder and content management system. Versions 1.2.12 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. A fix was attempted in versions 1.2.9 and 1.2.12, but it is incomplete.

Affected Packages

Packagist microweber/microweber

Affected versions: 0 (last affected: 1.2.12)

Related CVEs

CVE-2021-32856

Key Information

GHSA ID

GHSA-mv37-xrmc-hf64

Published

February 21, 2023 3:30 PM

Last Modified

February 22, 2023 12:10 AM

CVSS Score

5.0 /10

Primary Ecosystem

Packagist

Primary Package

microweber/microweber

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 4, 2025 6:27 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.