Summary
Detail | |||
---|---|---|---|
Vendor | Lavalite | First view | 2018-01-03 |
Product | Lavalite | Last view | 2023-08-01 |
Version | | Type | |
Update | |||
Edition | |||
Language | |||
Software Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
7.5 | 2023-08-01 | CVE-2023-36984 | LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure. |
7.5 | 2023-08-01 | CVE-2023-36983 | LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure. |
5.4 | 2023-05-18 | CVE-2023-30124 | LavaLite v9.0.0 is vulnerable to Cross Site Scripting (XSS). |
9.8 | 2023-05-12 | CVE-2023-27238 | LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning. |
6.1 | 2023-05-12 | CVE-2023-27237 | LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack. |
7.5 | 2022-10-18 | CVE-2022-42188 | In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. |
4.8 | 2021-07-26 | CVE-2020-23234 | Cross Site Scripting (XSS) vulnerability exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,". |
4.8 | 2021-07-07 | CVE-2020-23700 | Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the Menu Links feature. |
5.4 | 2021-07-02 | CVE-2020-36397 | A stored cross site scripting (XSS) vulnerability in the /admin/contact/contact component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. |
5.4 | 2021-07-02 | CVE-2020-36396 | A stored cross site scripting (XSS) vulnerability in the /admin/roles/role component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. |
5.4 | 2021-07-02 | CVE-2020-36395 | A stored cross site scripting (XSS) vulnerability in the /admin/user/team component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. |
5.4 | 2021-04-14 | CVE-2020-28124 | Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field. |
6.1 | 2019-11-13 | CVE-2019-18883 | XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field. |
5.4 | 2019-10-10 | CVE-2019-17434 | LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen. |
5.4 | 2018-09-05 | CVE-2018-16551 | LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit. |
5.4 | 2018-01-03 | CVE-2017-1000467 | LavaLite version 5.2.4 is vulnerable to stored cross-site scripting vulnerability, within the blog creation page, which can result in disruption of service and execution of javascript code. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
92% (12) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
7% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |