16 results (0.006 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure. • https://github.com/LavaLite/cms https://github.com/M19O/Security-Advisories/tree/main/CVE-2023-36983 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure. • https://github.com/LavaLite/cms https://github.com/M19O/Security-Advisories/tree/main/CVE-2023-36984 •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

LavaLite v9.0.0 is vulnerable to Cross Site Scripting (XSS). • https://github.com/LavaLite/cms/issues/389#issue-1636041104 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning. • https://github.com/LavaLite/cms/blob/c0a36dd748c8f7ff53eb16eb572bdeebe72eb420/app/Http/Controllers/ResourceController.php#L8 https://github.com/M19O/Security-Advisories/tree/main/CVE-2023-27238 •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack. • http://lavalite.com https://github.com/M19O/Security-Advisories/tree/main/CVE-2023-27237 https://i.ibb.co/34DSW7B/1.png https://i.ibb.co/kSkqPhQ/3.png https://i.ibb.co/mJq9CH8/2.png • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •