Vulnerabilities > Lavalite

DATE CVE VULNERABILITY TITLE RISK
2023-08-01 CVE-2023-36983 Unspecified vulnerability in Lavalite 9.0.0
LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.
network
low complexity
lavalite
7.5
2023-08-01 CVE-2023-36984 Unspecified vulnerability in Lavalite 9.0.0
LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.
network
low complexity
lavalite
7.5
2023-05-18 CVE-2023-30124 Cross-site Scripting vulnerability in Lavalite 9.0.0
LavaLite v9.0.0 is vulnerable to Cross Site Scripting (XSS).
network
low complexity
lavalite CWE-79
5.4
2023-05-12 CVE-2023-27237 Cross-site Scripting vulnerability in Lavalite 9.0.0
LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack.
network
low complexity
lavalite CWE-79
6.1
2023-05-12 CVE-2023-27238 Unspecified vulnerability in Lavalite 9.0.0
LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning.
network
low complexity
lavalite
critical
9.8
2022-10-18 CVE-2022-42188 Path Traversal vulnerability in Lavalite 9.0.0
In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server.
network
low complexity
lavalite CWE-22
7.5
2021-07-26 CVE-2020-23234 Cross-site Scripting vulnerability in Lavalite 5.8.0
Cross Site Scripting (XSS) vulnerabiity exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,".
network
low complexity
lavalite CWE-79
4.8
2021-07-07 CVE-2020-23700 Cross-site Scripting vulnerability in Lavalite 5.8.0
Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the Menu Links feature.
network
low complexity
lavalite CWE-79
4.8
2021-07-02 CVE-2020-36395 Cross-site Scripting vulnerability in Lavalite 5.8.0
A stored cross site scripting (XSS) vulnerability in the /admin/user/team component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter.
network
low complexity
lavalite CWE-79
5.4
2021-07-02 CVE-2020-36396 Cross-site Scripting vulnerability in Lavalite 5.8.0
A stored cross site scripting (XSS) vulnerability in the /admin/roles/role component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter.
network
low complexity
lavalite CWE-79
5.4