Cross Site Scripting Vulnerability in Microweber by Microweber

CVE-2024-33298

Summary

A Cross Site Scripting vulnerability exists in Microweber version 2.0.9. This vulnerability allows remote attackers to execute arbitrary code through the 'create new backup' function, specifically via the admin endpoint /admin/module/view?type=admin__backup. Proper input validation and sanitization are necessary to mitigate this security risk.

References