CVE-2023-2014 MEDIUM

CVE-2023-2014: Cross-site Scripting (XSS) - Generic in microweber/microweber

Vendor Microweber
Product microweber/microweber
Weakness CWE-79 · XSS
Published April 13, 2023
Last update February 6, 2025
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L

What the vulnerability does

01Description

Cross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to 1.3.3.

Key dates

02Disclosure timeline

April 13, 2023 CVE published
February 6, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-25117 WordPress Smart Countdown FX plugin <= 1.5.5 - Cross Site Scripting (XSS) vulnerability CVE-2024-56242 WordPress Arconix Shortcodes plugin <= 2.1.14 - Cross Site Scripting (XSS) vulnerability CVE-2026-39482 WordPress Post Expirator plugin <= 4.9.4 - Cross Site Scripting (XSS) vulnerability CVE-2025-31747 WordPress WP Chrono plugin <= 1.5.4 - Cross Site Scripting (XSS) vulnerability CVE-2026-2432 CM Custom Reports <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Labels