Total
16 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-36984 | 1 Lavalite | 1 Lavalite | 2024-02-05 | N/A | 7.5 HIGH |
LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure. | |||||
CVE-2023-36983 | 1 Lavalite | 1 Lavalite | 2024-02-05 | N/A | 7.5 HIGH |
LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure. | |||||
CVE-2023-27238 | 1 Lavalite | 1 Lavalite | 2024-02-04 | N/A | 9.8 CRITICAL |
LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning. | |||||
CVE-2023-27237 | 1 Lavalite | 1 Lavalite | 2024-02-04 | N/A | 6.1 MEDIUM |
LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack. | |||||
CVE-2023-30124 | 1 Lavalite | 1 Lavalite | 2024-02-04 | N/A | 5.4 MEDIUM |
LavaLite v9.0.0 is vulnerable to Cross Site Scripting (XSS). | |||||
CVE-2022-42188 | 1 Lavalite | 1 Lavalite | 2024-02-04 | N/A | 7.5 HIGH |
In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. | |||||
CVE-2020-23234 | 1 Lavalite | 1 Lavalite | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
Cross Site Scripting (XSS) vulnerability exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,". | |||||
CVE-2020-23700 | 1 Lavalite | 1 Lavalite | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the Menu Links feature. | |||||
CVE-2020-36395 | 1 Lavalite | 1 Lavalite | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
A stored cross site scripting (XSS) vulnerability in the /admin/user/team component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. | |||||
CVE-2020-36397 | 1 Lavalite | 1 Lavalite | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
A stored cross site scripting (XSS) vulnerability in the /admin/contact/contact component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. | |||||
CVE-2020-28124 | 1 Lavalite | 1 Lavalite | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field. | |||||
CVE-2020-36396 | 1 Lavalite | 1 Lavalite | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
A stored cross site scripting (XSS) vulnerability in the /admin/roles/role component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. | |||||
CVE-2019-18883 | 1 Lavalite | 1 Lavalite | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field. | |||||
CVE-2019-17434 | 1 Lavalite | 1 Lavalite | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen. | |||||
CVE-2018-16551 | 1 Lavalite | 1 Lavalite | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit. | |||||
CVE-2017-1000467 | 1 Lavalite | 1 Lavalite | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
LavaLite version 5.2.4 is vulnerable to stored cross-site scripting vulnerability, within the blog creation page, which can result in disruption of service and execution of javascript code. |