Browse all 81 CVE security advisories affecting microweber. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Microweber is an open-source drag-and-drop content management system designed for website creation and e-commerce. Its architecture, built on the Laravel framework, has historically exposed it to a significant volume of security flaws, with eighty-one Common Vulnerabilities and Exposures currently recorded. The most prevalent issues involve remote code execution, cross-site scripting, and SQL injection, often stemming from insufficient input validation and improper access controls. These vulnerabilities frequently allow attackers to escalate privileges or execute arbitrary commands on the underlying server. While no single catastrophic breach has defined its public history, the sheer number of disclosed defects indicates persistent maintenance challenges. Users must prioritize rigorous patching and configuration hardening to mitigate these risks, as the software’s modular nature can inadvertently expand the attack surface if third-party extensions are not similarly secured.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-58289 | Microweber 2.0.15 Stored Cross-Site Scripting via User Profile Fields — MicroweberCWE-79 | 5.4AI | MediumAI | 2025-12-11 |
| CVE-2021-32856 | Microweber vulnerable to Cross-site Scripting — microweberCWE-79 | 6.1 | Medium | 2023-02-20 |
| CVE-2021-32857 | Cockpit vulnerable to Cross-site Scripting — microweberCWE-79 | 6.1 | Medium | 2023-02-20 |
This page lists every published CVE security advisory associated with microweber. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.