CVE-2024-58289

Sažetak

Microweber 2.0.15 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts into user profile fields. Attackers can input script payloads in the first name field that will execute when the profile is viewed by other users, potentially stealing session cookies and executing arbitrary JavaScript.

Reference

https://github.com/microweber/microweber
https://microweber.me/
https://www.exploit-db.com/exploits/52058
https://www.vulncheck.com/advisories/microweber-stored-cross-site-scripting-via-user-profile-fields

CVSS

Base:	5.4
Impact:	2.7
Exploitability:	2.3

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Zadnje važnije ažuriranje

12-01-2026 - 16:15

Objavljeno

11-12-2025 - 22:15