This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Lavalite
Product: Lavalite
First view: 2018-01-03
Last view: 2023-08-01
Version:
Type:
Update:
Edition:
Language:
Software Edition:
Target Software:
Target Hardware:
Other:

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:lavalite:lavalite:5.8.0:*:*:*:*:*:*:* 6
cpe:2.3:a:lavalite:lavalite:9.0.0:*:*:*:*:*:*:* 6
cpe:2.3:a:lavalite:lavalite:5.2.4:*:*:*:*:*:*:* 2
cpe:2.3:a:lavalite:lavalite:5.5.0:*:*:*:*:*:*:* 2
cpe:2.3:a:lavalite:lavalite:5.7.0:*:*:*:*:*:*:* 2

Related : CVE

Score Date Alert Description
7.5 2023-08-01 CVE-2023-36984

LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.

7.5 2023-08-01 CVE-2023-36983

LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.

5.4 2023-05-18 CVE-2023-30124

LavaLite v9.0.0 is vulnerable to Cross Site Scripting (XSS).

9.8 2023-05-12 CVE-2023-27238

LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning.

6.1 2023-05-12 CVE-2023-27237

LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack.

7.5 2022-10-18 CVE-2022-42188

In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server.

4.8 2021-07-26 CVE-2020-23234

Cross Site Scripting (XSS) vulnerability exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle".

4.8 2021-07-07 CVE-2020-23700

Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the Menu Links feature.

5.4 2021-07-02 CVE-2020-36397

A stored cross site scripting (XSS) vulnerability in the /admin/contact/contact component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter.

5.4 2021-07-02 CVE-2020-36396

A stored cross site scripting (XSS) vulnerability in the /admin/roles/role component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter.

5.4 2021-07-02 CVE-2020-36395

A stored cross site scripting (XSS) vulnerability in the /admin/user/team component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter.

5.4 2021-04-14 CVE-2020-28124

Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field.

6.1 2019-11-13 CVE-2019-18883

XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field.

5.4 2019-10-10 CVE-2019-17434

LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen.

5.4 2018-09-05 CVE-2018-16551

LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit.

5.4 2018-01-03 CVE-2017-1000467

LavaLite version 5.2.4 is vulnerable to stored cross-site scripting within the blog creation page, which can result in disruption of service and execution of JavaScript code.

CWE : Common Weakness Enumeration

% Id Name
92% (12) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
7% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...