Description

Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was reported to the developers and fixed in version 2.0.20.

INFO

Published Date :

2026-02-05T00:00:00.000Z

Last Modified :

2026-02-05T20:53:48.883Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-70791 vulnerability.

Vendors Products
Microweber
  • Microweber
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-70791.

URL Resource
https://gist.github.com/TimRecktenwald/9615b9915a4cacda9f57bb57f13ab6d4 cve-icon cve-icon
https://github.com/microweber/microweber/commit/aa0791fc286d785ccd33ccc706f7bb3ed05b1d7f cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact