Filtered by vendor Lavalite
Subscriptions
Filtered by product Lavalite
Subscriptions
Total
16 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-36983 | 1 Lavalite | 1 Lavalite | 2024-10-17 | 7.5 High |
| LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure. | ||||
| CVE-2023-36984 | 1 Lavalite | 1 Lavalite | 2024-10-17 | 7.5 High |
| LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure. | ||||
| CVE-2017-1000467 | 1 Lavalite | 1 Lavalite | 2024-09-17 | N/A |
| LavaLite version 5.2.4 is vulnerable to stored cross-site scripting vulnerability, within the blog creation page, which can result in disruption of service and execution of javascript code. | ||||
| CVE-2018-16551 | 1 Lavalite | 1 Lavalite | 2024-08-05 | N/A |
| LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit. | ||||
| CVE-2019-18883 | 1 Lavalite | 1 Lavalite | 2024-08-05 | 6.1 Medium |
| XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field. | ||||
| CVE-2019-17434 | 1 Lavalite | 1 Lavalite | 2024-08-05 | 5.4 Medium |
| LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen. | ||||
| CVE-2020-36395 | 1 Lavalite | 1 Lavalite | 2024-08-04 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in the /admin/user/team component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. | ||||
| CVE-2020-36397 | 1 Lavalite | 1 Lavalite | 2024-08-04 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in the /admin/contact/contact component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. | ||||
| CVE-2020-36396 | 1 Lavalite | 1 Lavalite | 2024-08-04 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in the /admin/roles/role component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. | ||||
| CVE-2020-28124 | 1 Lavalite | 1 Lavalite | 2024-08-04 | 5.4 Medium |
| Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field. | ||||
| CVE-2020-23700 | 1 Lavalite | 1 Lavalite | 2024-08-04 | 4.8 Medium |
| Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the Menu Links feature. | ||||
| CVE-2020-23234 | 1 Lavalite | 1 Lavalite | 2024-08-04 | 4.8 Medium |
| Cross Site Scripting (XSS) vulnerabiity exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,". | ||||
| CVE-2022-42188 | 1 Lavalite | 1 Lavalite | 2024-08-03 | 7.5 High |
| In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. | ||||
| CVE-2023-30124 | 1 Lavalite | 1 Lavalite | 2024-08-02 | 5.4 Medium |
| LavaLite v9.0.0 is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2023-27238 | 1 Lavalite | 1 Lavalite | 2024-08-02 | 9.8 Critical |
| LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning. | ||||
| CVE-2023-27237 | 1 Lavalite | 1 Lavalite | 2024-08-02 | 6.1 Medium |
| LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack. | ||||
Page 1 of 1.