Pranav Jayan

5 exploits Active since Jul 2025
CVE-2025-51501 WRITEUP MEDIUM WRITEUP
Microweber >= 2.0.0 - Reflected Cross-Site Scripting via id Parameter in live_edit.module_settings
Reflected Cross-Site Scripting (XSS) in the id parameter of the live_edit.module_settings API endpoint in Microweber CMS2.0 allows execution of arbitrary JavaScript.
CVSS 6.1
CVE-2025-51502 WRITEUP MEDIUM WRITEUP
Microweber 2.0 - Authenticated Reflected Cross-Site Scripting via Layout Parameter
Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users.
CVSS 6.1
CVE-2025-51503 WRITEUP HIGH WRITEUP
Microweber 2.0 - Stored Cross-Site Scripting in User Profile Fields
A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers.
CVSS 7.6
CVE-2025-51504 WRITEUP HIGH WRITEUP
Microweber CMS 2.0 - Stored Cross-Site Scripting via Last Name Field
Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS)in the /projects/profile, homepage endpoint via the last name field.
CVSS 7.6
CVE-2025-60954 WRITEUP HIGH WRITEUP
Microweber CMS 2.0 - Info Disclosure
Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including administrative accounts.
CVSS 8.3