CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-18883 – LavaLite CMS 5.7 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-18883
XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field. Existe una vulnerabilidad de tipo XSS en Lavalite CMS versión 5.7, por medio del campo name o designation de admin/profile. LavaLite CMS version 5.7 suffers from a persistent cross site scripting vulnerability. • http://packetstormsecurity.com/files/155241/LavaLite-CMS-5.7-Cross-Site-Scripting.html https://github.com/LavaLite/cms • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-17434
https://notcve.org/view.php?id=CVE-2019-17434
LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen. LavaLite versiones hasta 5.7, presenta una vulnerabilidad de tipo XSS por medio de un nombre de cuenta diseñado que es manejado inapropiadamente en la pantalla Manage Clients. • https://github.com/LavaLite/cms/issues/304 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16551
https://notcve.org/view.php?id=CVE-2018-16551
LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit. LavaLite 5.5 tiene Cross-Site Scripting (XSS) mediante un URI /edit, tal y como queda demostrado por client/job/job/Zy8PWBekrJ/edit. • https://github.com/LavaLite/cms/issues/259 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1000467
https://notcve.org/view.php?id=CVE-2017-1000467
LavaLite version 5.2.4 is vulnerable to stored cross-site scripting vulnerability, within the blog creation page, which can result in disruption of service and execution of javascript code. LavaLite versión 5.2.4 es vulnerable a Cross-Site Scripting (XSS) persistente en la página blog creation. Esto puede resultar en la interrupción del servicio y la ejecución de código JavaScript. • https://github.com/LavaLite/cms/issues/209 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •