Vulnerabilities > Lavalite > Lavalite > 5.7.0

DATE CVE VULNERABILITY TITLE RISK
2019-11-13 CVE-2019-18883 Cross-site Scripting vulnerability in Lavalite 5.7.0
XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field.
network
lavalite CWE-79
4.3
4.3
2019-10-10 CVE-2019-17434 Cross-site Scripting vulnerability in Lavalite
LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen.
network
lavalite CWE-79
3.5
3.5