Filtered by vendor Lavalite
Subscribe
Search
Total
11 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-36983 | 1 Lavalite | 1 Lavalite | 2023-08-04 | N/A | 7.5 HIGH |
| LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure. | |||||
| CVE-2023-36984 | 1 Lavalite | 1 Lavalite | 2023-08-04 | N/A | 7.5 HIGH |
| LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure. | |||||
| CVE-2020-23234 | 1 Lavalite | 1 Lavalite | 2021-07-30 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting (XSS) vulnerabiity exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,". | |||||
| CVE-2020-36395 | 1 Lavalite | 1 Lavalite | 2021-07-06 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in the /admin/user/team component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. | |||||
| CVE-2020-36396 | 1 Lavalite | 1 Lavalite | 2021-07-06 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in the /admin/roles/role component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. | |||||
| CVE-2020-36397 | 1 Lavalite | 1 Lavalite | 2021-07-06 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in the /admin/contact/contact component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. | |||||
| CVE-2020-28124 | 1 Lavalite | 1 Lavalite | 2021-04-19 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field. | |||||
| CVE-2019-18883 | 1 Lavalite | 1 Lavalite | 2019-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field. | |||||
| CVE-2018-16551 | 1 Lavalite | 1 Lavalite | 2019-10-15 | 3.5 LOW | 5.4 MEDIUM |
| LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit. | |||||
| CVE-2019-17434 | 1 Lavalite | 1 Lavalite | 2019-10-10 | 3.5 LOW | 5.4 MEDIUM |
| LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen. | |||||
| CVE-2017-1000467 | 1 Lavalite | 1 Lavalite | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
| LavaLite version 5.2.4 is vulnerable to stored cross-site scripting vulnerability, within the blog creation page, which can result in disruption of service and execution of javascript code. | |||||