## https://sploitus.com/exploit?id=9059223E-6DF4-549C-AFE6-1665EF5900B0
# Microweber Security Advisories

This repository contains public technical references for security issues identified in Microweber v2.0.20.

## Reports

1. Stored Cross-Site Scripting in user profile name rendering
2. Unauthenticated path traversal in `/api_nosession/thumbnail_img`

## Disclosure Status

- The issues were privately reported to the vendor by email in early April 2026.
- As of May 14, 2026, no vendor response has been received.
- A limited public issue was opened in mid-April 2026 for the path traversal issue:
  https://github.com/microweber/microweber/issues/1172
- These materials are published as public technical references for vulnerability documentation and CNA/CVE review.

## Repository Structure

- `reports/microweber-xss.md`
- `reports/microweber-path-traversal.md`
- `images/xss/`
- `images/path-traversal/`