CVE-2025-51502
published 2025-08-01
CVE-2025-51502: Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the…
Priority P3 · 35 · medium · 6.1 CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 0.71% (49.0th percentile)
Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microweber | microweber | — | — |
| microweber | microweber | 2.0.0 – 2.0.19 | — |
GHSA
Microweber has Reflected XSS Vulnerability in the layout Parameter
ghsa·2025-08-01
CVE-2025-51502 [MEDIUM] CWE-79 Microweber has Reflected XSS Vulnerability in the layout Parameter
OSV
Microweber has Reflected XSS Vulnerability in the layout Parameter
osv·2025-08-01
CVE-2025-51502 [MEDIUM] Microweber has Reflected XSS Vulnerability in the layout Parameter
No detection rules found.
Nuclei
Microweber CMS 2.0 - Reflected XSS in Admin Page Creation
nuclei·CVSS 6.1
CVE-2025-51502 [MEDIUM] Microweber CMS 2.0 - Reflected XSS in Admin Page Creation
Reflected Cross-Site Scripting (XSS) exists in Microweber CMS 2.0 through the layout parameter on the /admin/page/create page. It allows arbitrary JavaScript to execute in the context of authenticated admin users.
Template:
```yaml
id: CVE-2025-51502
info:
  name: Microweber CMS 2.0 - Reflected XSS in Admin Page Creation
  author: nukunga
  severity: medium
  description: |
    Reflected Cross-Site Scripting (XSS) exists in Microweber CMS 2.0 through the layout parameter on the /admin/page/create page. It allows arbitrary JavaScript to execute in the context of authenticated admin users.
  impact: |
    Authenticated attackers can execute arbitrary JavaScript in victim browsers through the layout parameter in page creation, potentially enabling session h
```
No writeups or analysis indexed.
Published: 2025-08-01