Vulnerabilities for 'Lavalite'

2021-07-26
 
CVE-2020-23234

CWE-79
 

 
A Cross Site Scripting (XSS) vulnerability exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle".

 
2021-07-07
 
CVE-2020-23700

CWE-79
 

 
Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the Menu Links feature.

 
2021-07-02
 
CVE-2020-36395

CWE-79
 

 
A stored cross site scripting (XSS) vulnerability in the /admin/user/team component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter.

 
 
CVE-2020-36396

CWE-79
 

 
A stored cross site scripting (XSS) vulnerability in the /admin/roles/role component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter.

 
 
CVE-2020-36397

CWE-79
 

 
A stored cross site scripting (XSS) vulnerability in the /admin/contact/contact component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter.

 
2021-04-14
 
CVE-2020-28124

CWE-79
 

 
Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field.

 
2019-11-13
 
CVE-2019-18883

CWE-79
 

 
XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field.

 
2019-10-10
 
CVE-2019-17434

CWE-79
 

 
LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen.

 
2018-09-05
 
CVE-2018-16551

CWE-79
 

 
LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit.

 
2018-01-03
 
CVE-2017-1000467

CWE-79
 

 
LavaLite version 5.2.4 is vulnerable to stored cross-site scripting within the blog creation page, which can result in disruption of service and execution of JavaScript code.

 


Copyright 2024, cxsecurity.com

 
