CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36395
https://notcve.org/view.php?id=CVE-2020-36395
A stored cross site scripting (XSS) vulnerability in the /admin/user/team component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en el componente /admin/user/team de LavaLite versión 5.8.0 permite a atacantes autenticados ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada introducida en el parámetro "New" • https://github.com/LavaLite/cms/issues/321 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-28124
https://notcve.org/view.php?id=CVE-2020-28124
Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en LavaLite versión 5.8.0, por medio del campo Address • https://github.com/418sec/huntr/tree/staging/bounties/packagist/lavalite/cms/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-18883 – LavaLite CMS 5.7 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-18883
XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field. Existe una vulnerabilidad de tipo XSS en Lavalite CMS versión 5.7, por medio del campo name o designation de admin/profile. LavaLite CMS version 5.7 suffers from a persistent cross site scripting vulnerability. • http://packetstormsecurity.com/files/155241/LavaLite-CMS-5.7-Cross-Site-Scripting.html https://github.com/LavaLite/cms • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-17434
https://notcve.org/view.php?id=CVE-2019-17434
LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen. LavaLite versiones hasta 5.7, presenta una vulnerabilidad de tipo XSS por medio de un nombre de cuenta diseñado que es manejado inapropiadamente en la pantalla Manage Clients. • https://github.com/LavaLite/cms/issues/304 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16551
https://notcve.org/view.php?id=CVE-2018-16551
LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit. LavaLite 5.5 tiene Cross-Site Scripting (XSS) mediante un URI /edit, tal y como queda demostrado por client/job/job/Zy8PWBekrJ/edit. • https://github.com/LavaLite/cms/issues/259 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •