CVE-2024-40101

6.1 MEDIUM

📋 TL;DR

This vulnerability allows unauthenticated remote attackers to inject malicious scripts into the '/search' page of Microweber CMS via the 'keywords' parameter. When a user visits a crafted search URL, the attacker's script executes in the victim's browser context. All Microweber installations version 2.0.15 and earlier with the search functionality enabled are affected.

💻 Affected Systems

Products:
  • Microweber CMS
Versions: 2.0.15 and earlier
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The search functionality is typically enabled by default. Any installation with the '/search' endpoint accessible is vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case
Attackers could steal session cookies, perform actions as authenticated users, redirect to malicious sites, or install malware on user systems.

🟠 Likely Case
Attackers typically steal session cookies to hijack admin accounts, deface websites, or redirect users to phishing pages.

🟢 If Mitigated
With proper input validation and output encoding, the script payload would be rendered harmless as text rather than executed code.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is simple to exploit by crafting URLs with malicious payloads in the 'keywords' parameter. Public disclosure includes proof-of-concept examples.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after commit 0dede6886c6df3d1f31c4f4e3ba1ab4a336fbf79

Vendor Advisory: http://microweber.com

Restart Required: No

Instructions:

1. Update to the latest Microweber version.
2. Apply commit 0dede6886c6df3d1f31c4f4e3ba1ab4a336fbf79 if running from source.
3. Clear any caches.
4. Verify the fix by testing the search functionality with XSS payloads.

🔧 Temporary Workarounds

Web Application Firewall (WAF) Rule

Applies to: all

Block or sanitize requests containing script tags and JavaScript patterns in the 'keywords' parameter.

Disable Search Functionality

Applies to: all

Temporarily disable or restrict access to the '/search' endpoint until patching is complete.

🧯 If You Can't Patch

  • Implement strict Content Security Policy (CSP) headers to prevent script execution from untrusted sources.
  • Deploy a web application firewall (WAF) with XSS protection rules to filter malicious requests.

🔍 How to Verify

Check if Vulnerable:

Test by requesting "/search?keywords=<script>alert('XSS')</script>" and checking whether the script executes in the browser.

Check Version:

Check the Microweber version in the admin panel or via the application's version file.

Verify Fix Applied:

After patching, test the same payload; it should be displayed as plain text without script execution.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to '/search' with script tags or JavaScript patterns in query parameters
  • Unusual search queries containing HTML/script elements

Network Indicators:

  • HTTP GET requests with encoded script payloads in URL parameters

SIEM Query:

source="web_logs" url="/search" AND (keywords="*<script>*" OR keywords="*javascript:*")
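The log indicators above as an added detection example, written for this page and not part of the advisory: it parses constructed combined-format access log lines, decodes percent-encoding in the 'keywords' parameter (including double encoding, which a literal match such as the SIEM query above would miss) and returns the requests that carry script or event-handler markers. The log lines and the marker pattern are assumptions for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in Apache/nginx combined log format (not real traffic).
SAMPLE_LOGS = [
    '10.0.0.5 - - [01/Aug/2024:10:00:01 +0000] "GET /search?keywords=blue+shoes HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [01/Aug/2024:10:00:07 +0000] "GET /search?keywords=%3Cscript%3Ealert%281%29%3C%2Fscript%3E HTTP/1.1" 200 5312 "-" "curl/8.0"',
    '10.0.0.9 - - [01/Aug/2024:10:00:09 +0000] "GET /search?keywords=%253Cimg%2520src%253Dx%2520onerror%253Dalert%281%29%253E HTTP/1.1" 200 5301 "-" "curl/8.0"',
    '10.0.0.7 - - [01/Aug/2024:10:00:12 +0000] "GET /search?keywords=javascript%3Aalert%281%29 HTTP/1.1" 200 5100 "-" "Mozilla/5.0"',
    '10.0.0.3 - - [01/Aug/2024:10:00:15 +0000] "GET /index.php?keywords=%3Cscript%3E HTTP/1.1" 200 800 "-" "Mozilla/5.0"',
]

# Client IP, timestamp, method and request target from a combined-format line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)

# Markers that do not belong in a legitimate search term: script tags,
# javascript: URLs and inline event handlers (assumed pattern, tune per site).
XSS_MARKERS = re.compile(r'<\s*/?\s*script|javascript\s*:|<\s*\w+[^>]*\son\w+\s*=', re.IGNORECASE)


def fully_decode(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding so double-encoded payloads become visible."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_search_hits(lines):
    """Return the /search requests whose decoded 'keywords' value contains an XSS marker."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if parts.path != "/search":
            continue
        # parse_qs already decodes one layer; fully_decode handles the rest.
        for kw in parse_qs(parts.query).get("keywords", []):
            decoded = fully_decode(kw)
            if XSS_MARKERS.search(decoded):
                hits.append({"ip": m.group("ip"), "time": m.group("ts"), "keywords": decoded})
    return hits
```

Feed real access logs line by line into suspicious_search_hits; a non-empty result for the sample data lists the three encoded requests while the plain search and the non-/search request are ignored.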
