Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users.

Affected Packages

Packagist microweber/microweber

Affected versions: 2.0.0 (last affected: 2.0.19)

Related CVEs

CVE-2025-51502

Key Information

GHSA ID

GHSA-mvj3-hc7j-vp74

Published

August 1, 2025 6:31 PM

Last Modified

August 1, 2025 9:06 PM

CVSS Score

5.0 /10

Primary Ecosystem

Packagist

Primary Package

microweber/microweber

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 10, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.