A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote malicious users to inject JavaScript via the /users/admin/permissions.php URI.
bitweaver bitweaver 3.1.0