Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lepton-cms lepton vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-1000
Multiple cross-site scripting (XSS) vulnerabilities in LEPTON 1.1.3 and other versions prior to 1.1.4 allow remote malicious users to inject arbitrary web script or HTML via the (1) message parameter to admins/login/forgot/index.php, or the (2) display_name or (3) email parameter...
Lepton-cms Lepton 1.1.1
Lepton-cms Lepton
Lepton-cms Lepton 1.1.2
Lepton-cms Lepton 1.1.0
NA
CVE-2012-0998
Directory traversal vulnerability in account/preferences.php in LEPTON prior to 1.1.4 allows remote malicious users to include and execute arbitrary files via a .. (dot dot) in the language parameter.
Lepton-cms Lepton 1.1.2
Lepton-cms Lepton 1.1.0
Lepton-cms Lepton
Lepton-cms Lepton 1.1.1
NA
CVE-2012-0999
SQL injection vulnerability in modules/news/rss.php in LEPTON prior to 1.1.4 allows remote malicious users to execute arbitrary SQL commands via the group_id parameter.
Lepton-cms Lepton 1.1.1
Lepton-cms Lepton
Lepton-cms Lepton 1.1.2
Lepton-cms Lepton 1.1.0
6.1
CVSSv3
CVE-2020-12707
An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT elemen...
Lepton-cms Lepton Cms 4.5.0
6.1
CVSSv3
CVE-2020-12705
Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS prior to 4.6.0.
Lepton-cms Leptoncms
NA
CVE-2011-3385
Cross-site scripting (XSS) vulnerability in WebsiteBaker prior to 2.8, as used in LEPTON and possibly other products, allows remote malicious users to inject arbitrary web script or HTML via unknown vectors, a different vulnerability than CVE-2006-2307.
Websitebaker2 Websitebaker 2.6.7
Lepton-cms Lepton
Websitebaker2 Websitebaker
7.2
CVSSv3
CVE-2024-24399
An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated malicious users to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area.
Lepton-cms Leptoncms 7.0.0
4.8
CVSSv3
CVE-2020-29240
Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload in the URL field of the admin page and each time an admin visits the Menu-Pages-Pages Overview section, the XSS will be triggered.
Lepton-cms Leptoncms 4.7.0
6.1
CVSSv3
CVE-2020-24872
Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote malicious users to execute arbitrary code.
Lepton-cms Leptoncms 4.7.0
NA
CVE-2024-24520
An issue in Lepton CMS v.7.0.0 allows a local malicious user to execute arbitrary code via the upgrade.php file in the languages place.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started