QwikSec

Security Database

CVE

CWE

Training

CVE-2024-58289

Published: Dec 11, 2025

Modified: Apr 7, 2026

PUBLISHED

Description

Microweber 2.0.15 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts into user profile fields. Attackers can input script payloads in the first name field that will execute when the profile is viewed by other users, potentially stealing session cookies and executing arbitrary JavaScript.

Vendor	Product	Versions
microweber	Microweber	affected `2.0.15`

Weaknesses (CWE)

References

ExploitDB-52058

exploit

Microweber Homepage

product

Microweber GitHub Repository

product

VulnCheck Advisory: Microweber 2.0.15 Stored Cross-Site Scripting via User Profile Fields

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.