CVE Daily

CVE-2025-51501

Reflected Cross-Site Scripting (XSS) in the id parameter of the live_edit.module...

Medium CVSS 6.1

Overview

Reflected Cross-Site Scripting (XSS) in the id parameter of the live_edit.module_settings API endpoint in Microweber CMS2.0 allows execution of arbitrary JavaScript.

CWE: CWE-79 Published: 2025-08-01T17:15:52.370
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 6.1 (MEDIUM)
  • Detected tags: xss (tag impact: MODERATE)

Recommended actions:

  • Apply context-aware output encoding.
  • Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Recommended tools

Tags