Vulnerabilities > Lavalite > Low

DATE CVE VULNERABILITY TITLE RISK
2021-07-26 CVE-2020-23234 Cross-site Scripting vulnerability in Lavalite 5.8.0
Cross Site Scripting (XSS) vulnerabiity exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,".
network
lavalite CWE-79
3.5
3.5
2021-07-07 CVE-2020-23700 Cross-site Scripting vulnerability in Lavalite 5.8.0
Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the Menu Links feature.
network
lavalite CWE-79
3.5
3.5
2021-07-02 CVE-2020-36397 Cross-site Scripting vulnerability in Lavalite 5.8.0
A stored cross site scripting (XSS) vulnerability in the /admin/contact/contact component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter.
network
lavalite CWE-79
3.5
3.5
2021-07-02 CVE-2020-36396 Cross-site Scripting vulnerability in Lavalite 5.8.0
A stored cross site scripting (XSS) vulnerability in the /admin/roles/role component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter.
network
lavalite CWE-79
3.5
3.5
2021-07-02 CVE-2020-36395 Cross-site Scripting vulnerability in Lavalite 5.8.0
A stored cross site scripting (XSS) vulnerability in the /admin/user/team component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter.
network
lavalite CWE-79
3.5
3.5
2021-04-14 CVE-2020-28124 Cross-site Scripting vulnerability in Lavalite 5.8.0
Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field.
network
lavalite CWE-79
3.5
3.5
2019-10-10 CVE-2019-17434 Cross-site Scripting vulnerability in Lavalite
LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen.
network
lavalite CWE-79
3.5
3.5
2018-09-05 CVE-2018-16551 Cross-site Scripting vulnerability in Lavalite 5.5.0
LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit.
network
lavalite CWE-79
3.5
3.5
2018-01-03 CVE-2017-1000467 Cross-site Scripting vulnerability in Lavalite 5.2.4
LavaLite version 5.2.4 is vulnerable to stored cross-site scripting vulnerability, within the blog creation page, which can result in disruption of service and execution of javascript code.
network
lavalite CWE-79
3.5
3.5