CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-17434
https://notcve.org/view.php?id=CVE-2019-17434
LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen. LavaLite versiones hasta 5.7, presenta una vulnerabilidad de tipo XSS por medio de un nombre de cuenta diseñado que es manejado inapropiadamente en la pantalla Manage Clients. • https://github.com/LavaLite/cms/issues/304 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1000467
https://notcve.org/view.php?id=CVE-2017-1000467
LavaLite version 5.2.4 is vulnerable to stored cross-site scripting vulnerability, within the blog creation page, which can result in disruption of service and execution of javascript code. LavaLite versión 5.2.4 es vulnerable a Cross-Site Scripting (XSS) persistente en la página blog creation. Esto puede resultar en la interrupción del servicio y la ejecución de código JavaScript. • https://github.com/LavaLite/cms/issues/209 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •