CVE-2024-58289

UNKNOWN 0.0

Microweber 2.0.15 Stored Cross-Site Scripting via User Profile Fields

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Microweber 2.0.15 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts into user profile fields. Attackers can input script payloads in the first name field that will execute when the profile is viewed by other users, potentially stealing session cookies and executing arbitrary JavaScript.

CWE	CWE-79
Vendor	microweber
Product	microweber
Published	Dec 11, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for microweber microweber

Be the first to know when new unknown vulnerabilities affecting microweber microweber are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

microweber / Microweber

2.0.15

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/52058 microweber.me: https://microweber.me/ github.com: https://github.com/microweber/microweber vulncheck.com: https://www.vulncheck.com/advisories/microweber-stored-cross-site-scripting-via-user-profile-fields

Credits

tmrswrr