CVE-2024-40101 exploit: Reflected Cross-Site Scripting (XSS) on Microweber

Read Time:23 Second

Posted by masquerad3r on Aug 05

Hello team,
Please find the attached POC for CVE-2024-40101 for publication.

Regards,
Prerak Mittal
# Exploit Title: Microweber <=v2.0.15 – Reflected Cross-Site Scripting (XSS)
# Date: 16.07.2024
# Exploit Author: Prerak Mittal
# Vendor Homepage: https://microweber.org/
# Software Link: https://github.com/microweber/microweber/releases/tag/v2.0.15
# Version: <=v2.0.15
# Tested on: Ubuntu 22.04
# CVE : CVE-2024-40101

# Description:
## App…

USN-7433-1: GraphicsMagick vulnerabilities

It was discovered that GraphicsMagick did not properly limit image dimensions, which could lead to excessive memory consumption. An attacker...

April 14, 2025

openiked-7.4-2.fc42

FEDORA-2025-f55f140c15 Packages in this update: openiked-7.4-2.fc42 Update description: Updated to new release 7.4 Read More

April 13, 2025

83 vulnerabilities in Vasion Print / PrinterLogic

Posted by Pierre Kim on Apr 13 No message preview for long message of 656780 bytes. Read More

April 13, 2025

[CVE-2025-32102, CVE-2025-32103] SSRF and Directory Traversal in CrushFTP 10.7.1 and 11.1.0 (as well as legacy 9.x)

Posted by Rafael Pedrero on Apr 13 <!-- # Exploit Title: Server-Side Request Forgery (SSRF) in CrushFTP 10.7.1 and 11.1.0...

April 13, 2025

Re: APPLE-SA-03-11-2025-2 iOS 18.3.2 and iPadOS 18.3.2

Posted by Nick Boyce on Apr 13 [Complete Apple product novice here (my devices all run a non-Apple OS), but...

April 13, 2025

[KIS-2025-01] UNA CMS <= 14.0.0-RC4 (BxBaseMenuSetAclLevel.php) PHP Object Injection Vulnerability

Posted by Egidio Romano on Apr 13 ------------------------------------------------------------------------------------ UNA CMS <= 14.0.0-RC4 (BxBaseMenuSetAclLevel.php) PHP Object Injection Vulnerability ------------------------------------------------------------------------------------ [-] Software...

April 13, 2025

NVD Revamps Operations as Vulnerability Reporting Surges

Friday Squid Blogging: Squid and Efficient Solar Tech

Google Cloud: Top 5 Priorities for Cybersecurity Leaders Today

AI Vulnerability Finding

Ransomware reaches a record high, but payouts are dwindling

Cyble Urges Critical Vulnerability Fixes Affecting Industrial Systems

Reimagining Democracy

China-based SMS Phishing Triad Pivots to Banks

Google Cloud: China Achieves “Cyber Superpower” Status

CVE-2024-40101 exploit: Reflected Cross-Site Scripting (XSS) on Microweber

USN-7433-1: GraphicsMagick vulnerabilities

openiked-7.4-2.fc42

83 vulnerabilities in Vasion Print / PrinterLogic

[CVE-2025-32102, CVE-2025-32103] SSRF and Directory Traversal in CrushFTP 10.7.1 and 11.1.0 (as well as legacy 9.x)

Re: APPLE-SA-03-11-2025-2 iOS 18.3.2 and iPadOS 18.3.2

[KIS-2025-01] UNA CMS <= 14.0.0-RC4 (BxBaseMenuSetAclLevel.php) PHP Object Injection Vulnerability