CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-18883 – LavaLite CMS 5.7 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-18883
XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field. Existe una vulnerabilidad de tipo XSS en Lavalite CMS versión 5.7, por medio del campo name o designation de admin/profile. LavaLite CMS version 5.7 suffers from a persistent cross site scripting vulnerability. • http://packetstormsecurity.com/files/155241/LavaLite-CMS-5.7-Cross-Site-Scripting.html https://github.com/LavaLite/cms • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-17434
https://notcve.org/view.php?id=CVE-2019-17434
LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen. LavaLite versiones hasta 5.7, presenta una vulnerabilidad de tipo XSS por medio de un nombre de cuenta diseñado que es manejado inapropiadamente en la pantalla Manage Clients. • https://github.com/LavaLite/cms/issues/304 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •