CVE Daily

CVE-2025-51502

Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parame...

Medium CVSS 6.1

Overview

Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users.

CWE: CWE-79 Published: 2025-08-01T17:15:52.500
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 6.1 (MEDIUM)
  • Detected tags: xss (tag impact: MODERATE)

Recommended actions:

  • Apply context-aware output encoding.
  • Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Recommended tools

Tags