CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-17434
https://notcve.org/view.php?id=CVE-2019-17434
LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen. LavaLite versiones hasta 5.7, presenta una vulnerabilidad de tipo XSS por medio de un nombre de cuenta diseñado que es manejado inapropiadamente en la pantalla Manage Clients. • https://github.com/LavaLite/cms/issues/304 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16551
https://notcve.org/view.php?id=CVE-2018-16551
LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit. LavaLite 5.5 tiene Cross-Site Scripting (XSS) mediante un URI /edit, tal y como queda demostrado por client/job/job/Zy8PWBekrJ/edit. • https://github.com/LavaLite/cms/issues/259 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •