CVE-2025-51501

6.1 MEDIUM

📋 TL;DR

This reflected XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious JavaScript via the id parameter in the live_edit.module_settings API endpoint. When exploited, this can lead to session hijacking, credential theft, or unauthorized actions in the context of the victim's browser. Administrators and users accessing the vulnerable endpoint are primarily affected.

💻 Affected Systems

Products:
  • Microweber CMS
Versions: 2.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation of Microweber CMS 2.0 when the live_edit.module_settings endpoint is accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker steals admin session cookies, gains full administrative access to the CMS, installs backdoors, defaces websites, or exfiltrates sensitive data.

🟠 Likely Case

Attacker performs session hijacking of logged-in users, steals credentials via phishing, or redirects users to malicious sites.

🟢 If Mitigated

With proper input validation and output encoding, the malicious script is neutralized, preventing execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires the attacker to trick a user into clicking a malicious link containing the XSS payload in the id parameter.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched version

Vendor Advisory: Not provided in references

Restart Required: No

Instructions:

1. Update Microweber CMS to the latest patched version.
2. Apply vendor-provided security patches for version 2.0.
3. Verify the fix by testing the vulnerable endpoint.

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Implement server-side validation to sanitize the id parameter, allowing only alphanumeric characters.

Web Application Firewall (WAF) Rules

all

Deploy WAF rules to block requests containing suspicious JavaScript patterns in the id parameter.

🧯 If You Can't Patch

  • Restrict access to the live_edit.module_settings endpoint to trusted IP addresses only.
  • Implement Content Security Policy (CSP) headers to mitigate XSS impact by restricting script execution sources.

🔍 How to Verify

Check if Vulnerable:

Test the live_edit.module_settings endpoint by injecting a simple XSS payload like <script>alert('XSS')</script> into the id parameter and check if it executes in the browser.

Check Version:

Check the CMS version in the admin panel or via the software's version file.

Verify Fix Applied:

After patching, repeat the XSS test; the payload should be properly encoded or blocked, with no script execution.

📡 Detection & Monitoring

Log Indicators:

  • Log entries showing requests to live_edit.module_settings with suspicious id parameter values containing script tags or JavaScript code.

Network Indicators:

  • HTTP requests with encoded or obfuscated JavaScript in the id parameter of the vulnerable endpoint.

SIEM Query:

source="web_logs" AND uri="/api/live_edit.module_settings" AND query CONTAINS "<script>"
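
The SIEM query above matches only a literal <script> string, so percent-encoded values in raw access logs pass it. The following added example (not part of the original advisory or of Microweber) decodes the id parameter and flags any value that fails the alphanumeric allowlist from the workaround section; the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "live_edit.module_settings"   # endpoint named in the advisory
SAFE_ID = re.compile(r"[A-Za-z0-9]+")    # allowlist from the workaround: alphanumeric only
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')  # assumes combined log format

# Constructed sample lines, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET /api/live_edit.module_settings?id=module123 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2025:10:00:05 +0000] "GET /api/live_edit.module_settings?id=%3Cscript%3Ealert(%27XSS%27)%3C/script%3E HTTP/1.1" 200 640',
    '203.0.113.9 - - [01/Jan/2025:10:00:09 +0000] "GET /api/live_edit.module_settings?id=%253Cscript%253Ealert(1)%253C/script%253E HTTP/1.1" 200 640',
    '203.0.113.7 - - [01/Jan/2025:10:00:12 +0000] "GET /api/other?id=%3Cb%3E HTTP/1.1" 200 100',
]

def decode_fully(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_ids(log_lines):
    """Return (line_number, decoded_id) for endpoint requests whose id fails the allowlist."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if ENDPOINT not in unquote(url.path):
            continue
        # parse_qs decodes once; decode_fully handles double encoding.
        for raw in parse_qs(url.query, keep_blank_values=True).get("id", []):
            value = decode_fully(raw)
            if not SAFE_ID.fullmatch(value):
                hits.append((line_no, value))
    return hits

if __name__ == "__main__":
    for line_no, value in suspicious_ids(SAMPLE_LOG):
        print(f"line {line_no}: id={value!r}")
```

If legitimate module ids on a given site contain other characters (for example hyphens), widen SAFE_ID accordingly before alerting on the results.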
