Moderate severityNVD Advisory· Published Feb 20, 2023· Updated Mar 10, 2025
Microweber vulnerable to Cross-site Scripting
CVE-2021-32856
Description
Microweber is a drag and drop website builder and content management system. Versions 1.2.12 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. A fix was attempted in versions 1.2.9 and 1.2.12, but it is incomplete.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
microweber/microweberPackagist | <= 1.2.12 | — |
Affected products
2- Range: 1.2.12
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-mv37-xrmc-hf64ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-32856ghsaADVISORY
- securitylab.github.com/advisories/GHSL-2021-1005-MicroweberghsaADVISORY
- github.com/microweber/microweber/commit/f3b86d59ab674dbf514f9f9948ddfa091739ab75ghsaWEB
- securitylab.github.com/advisories/GHSL-2021-1005-Microweber/mitre
News mentions
0No linked articles in our index yet.