Open Redirect in microweber/microweber


Reported on

Feb 13th 2022


An Open Redirect vulnerability enables an attacker to redirect victims/users to malicious websites. The bug exists due to an improper fix of By adding an extra slash /, the previous fix can be bypassed.

Proof of Concept


The above URL will redirect you to


This issue can be leveraged for phishing attacks.
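The report turns on a redirect check that an extra `/` gets past. The following is an added example, not microweber's code and not the fix in commit acfc6a, of a PHP redirect-target validator that treats a doubled leading slash as off-site; the function name `safe_redirect_target` and the hosts `example.test` and `other.example` are assumptions made for illustration.

```php
<?php
// Added illustration; hypothetical helper, not part of microweber.

/**
 * Return $target if it is safe to redirect to, otherwise $fallback.
 * Allowed: a same-site path ("/dashboard") or an absolute http(s) URL
 * whose host exactly matches $allowedHost.
 */
function safe_redirect_target(string $target, string $allowedHost, string $fallback = '/'): string
{
    $target = trim($target);

    // Browsers treat "\" like "/" and strip tabs/newlines from URLs, so a
    // value containing them may be resolved differently than it is parsed here.
    if ($target === '' || preg_match('/[\\\\\x00-\x20\x7f]/', $target)) {
        return $fallback;
    }

    // Relative path: exactly one leading slash. "//host" (or "///host") is
    // resolved by browsers as a protocol-relative URL and leaves the site.
    if ($target[0] === '/') {
        return (strlen($target) > 1 && $target[1] === '/') ? $fallback : $target;
    }

    // Absolute URL: require http(s), a parsed host, and an exact host match.
    $parts = parse_url($target);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }
    $schemeOk = in_array(strtolower($parts['scheme']), ['http', 'https'], true);
    $hostOk   = strcasecmp($parts['host'], $allowedHost) === 0;

    return ($schemeOk && $hostOk) ? $target : $fallback;
}

// Constructed sample inputs; example.test stands in for the site's own host.
$samples = [
    '/admin/profile',
    'https://example.test/login',
    '//other.example/login',
    '///other.example/login',
    'https://other.example/',
    'https:/other.example/',
];
foreach ($samples as $s) {
    printf("%-30s => %s\n", $s, safe_redirect_target($s, 'example.test'));
}
```

The check parses the value once and compares the parsed host, rather than matching on a string prefix, which is the kind of test a single added character can slip past.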

We are processing your report and will contact the microweber team within 24 hours. a year ago
We have contacted a member of the microweber team and are waiting to hear back a year ago

Peter Ivanov validated this vulnerability a year ago
Kushagra Sarathe has been awarded the disclosure bounty
The fix bounty is now up for grabs
Peter Ivanov marked this as fixed in 1.2.11 with commit acfc6a a year ago
Peter Ivanov has been awarded the fix bounty
This vulnerability will not receive a CVE
UserManager.php#L258-L277 has been validated
a year ago

No bounty?
