CVE-2025-70791 is a reflected Cross Site Scripting (XSS) vulnerability affecting Microweber 2.0.19, specifically in the "/admin/order/abandoned" endpoint. The vulnerability arises from improper sanitization of the "orderDirection" parameter, which is reflected in the response without adequate encoding or validation. An attacker can craft a malicious URL embedding JavaScript code in this parameter. When an administrator visits this URL, the injected script executes in the context of the admin's browser session, potentially allowing session hijacking, credential theft, or unauthorized administrative actions. This attack vector relies on social engineering to lure an admin user into clicking the malicious link. The vulnerability was responsibly disclosed and patched in version 2.0.20 of Microweber. No public exploit code or active exploitation has been reported to date. The lack of a CVSS score suggests the need for an independent severity assessment. The vulnerability affects the confidentiality and integrity of admin sessions but requires user interaction and admin privileges to be effective.

For European organizations using Microweber 2.0.19 or earlier, this vulnerability poses a significant risk to the security of their administrative interfaces. Successful exploitation could lead to unauthorized access to sensitive order management functions, manipulation of abandoned order data, and potential compromise of the entire CMS environment. This could result in data breaches, financial fraud, or disruption of e-commerce operations. Given that the attack requires an admin user to be tricked into clicking a malicious link, the risk is somewhat mitigated by user awareness but remains substantial in environments with less stringent security training. The impact on confidentiality and integrity is high, as attackers could execute arbitrary scripts within admin sessions. Availability impact is limited but could occur if attackers use the vulnerability to disrupt admin operations. European organizations with e-commerce or content management systems based on Microweber should prioritize patching to prevent exploitation.

1. Immediate upgrade to Microweber version 2.0.20 or later, where the vulnerability is patched. 2. Implement Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in the admin interface. 3. Conduct targeted security awareness training for administrators to recognize and avoid phishing attempts involving malicious URLs. 4. Employ web application firewalls (WAFs) with rules to detect and block suspicious query parameters or script injection attempts targeting the "/admin/order/abandoned" endpoint. 5. Regularly audit and monitor admin access logs for unusual activity or access patterns that could indicate attempted exploitation. 6. Consider multi-factor authentication (MFA) for admin accounts to reduce the impact of session hijacking. 7. Review and sanitize all user-controllable inputs in custom or third-party plugins to prevent similar vulnerabilities.