CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36983
https://notcve.org/view.php?id=CVE-2023-36983
LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure. • https://github.com/LavaLite/cms https://github.com/M19O/Security-Advisories/tree/main/CVE-2023-36983 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36984
https://notcve.org/view.php?id=CVE-2023-36984
LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure. • https://github.com/LavaLite/cms https://github.com/M19O/Security-Advisories/tree/main/CVE-2023-36984 •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-30124
https://notcve.org/view.php?id=CVE-2023-30124
LavaLite v9.0.0 is vulnerable to Cross Site Scripting (XSS). • https://github.com/LavaLite/cms/issues/389#issue-1636041104 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27238
https://notcve.org/view.php?id=CVE-2023-27238
LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning. • https://github.com/LavaLite/cms/blob/c0a36dd748c8f7ff53eb16eb572bdeebe72eb420/app/Http/Controllers/ResourceController.php#L8 https://github.com/M19O/Security-Advisories/tree/main/CVE-2023-27238 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27237
https://notcve.org/view.php?id=CVE-2023-27237
LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack. • http://lavalite.com https://github.com/M19O/Security-Advisories/tree/main/CVE-2023-27237 https://i.ibb.co/34DSW7B/1.png https://i.ibb.co/kSkqPhQ/3.png https://i.ibb.co/mJq9CH8/2.png • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •