Total
11 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-42188 | 1 Lavalite | 1 Lavalite | 2022-10-20 | N/A | 7.5 HIGH |
| In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. | |||||
| CVE-2020-23234 | 1 Lavalite | 1 Lavalite | 2021-07-30 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting (XSS) vulnerabiity exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,". | |||||
| CVE-2020-23700 | 1 Lavalite | 1 Lavalite | 2021-07-12 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the Menu Links feature. | |||||
| CVE-2020-36395 | 1 Lavalite | 1 Lavalite | 2021-07-06 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in the /admin/user/team component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. | |||||
| CVE-2020-36396 | 1 Lavalite | 1 Lavalite | 2021-07-06 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in the /admin/roles/role component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. | |||||
| CVE-2020-36397 | 1 Lavalite | 1 Lavalite | 2021-07-06 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in the /admin/contact/contact component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. | |||||
| CVE-2020-28124 | 1 Lavalite | 1 Lavalite | 2021-04-19 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field. | |||||
| CVE-2019-18883 | 1 Lavalite | 1 Lavalite | 2019-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field. | |||||
| CVE-2018-16551 | 1 Lavalite | 1 Lavalite | 2019-10-15 | 3.5 LOW | 5.4 MEDIUM |
| LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit. | |||||
| CVE-2019-17434 | 1 Lavalite | 1 Lavalite | 2019-10-10 | 3.5 LOW | 5.4 MEDIUM |
| LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen. | |||||
| CVE-2017-1000467 | 1 Lavalite | 1 Lavalite | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
| LavaLite version 5.2.4 is vulnerable to stored cross-site scripting vulnerability, within the blog creation page, which can result in disruption of service and execution of javascript code. | |||||