Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lepton-cms lepton vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2012-0998
Directory traversal vulnerability in account/preferences.php in LEPTON prior to 1.1.4 allows remote malicious users to include and execute arbitrary files via a .. (dot dot) in the language parameter.
Lepton-cms Lepton 1.1.2
Lepton-cms Lepton 1.1.0
Lepton-cms Lepton
Lepton-cms Lepton 1.1.1
668
VMScore
CVE-2012-0999
SQL injection vulnerability in modules/news/rss.php in LEPTON prior to 1.1.4 allows remote malicious users to execute arbitrary SQL commands via the group_id parameter.
Lepton-cms Lepton 1.1.1
Lepton-cms Lepton
Lepton-cms Lepton 1.1.2
Lepton-cms Lepton 1.1.0
383
VMScore
CVE-2012-1000
Multiple cross-site scripting (XSS) vulnerabilities in LEPTON 1.1.3 and other versions prior to 1.1.4 allow remote malicious users to inject arbitrary web script or HTML via the (1) message parameter to admins/login/forgot/index.php, or the (2) display_name or (3) email parameter...
Lepton-cms Lepton 1.1.1
Lepton-cms Lepton
Lepton-cms Lepton 1.1.2
Lepton-cms Lepton 1.1.0
383
VMScore
CVE-2020-12707
An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT elemen...
Lepton-cms Lepton Cms 4.5.0
383
VMScore
CVE-2020-12705
Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS prior to 4.6.0.
Lepton-cms Leptoncms
383
VMScore
CVE-2011-3385
Cross-site scripting (XSS) vulnerability in WebsiteBaker prior to 2.8, as used in LEPTON and possibly other products, allows remote malicious users to inject arbitrary web script or HTML via unknown vectors, a different vulnerability than CVE-2006-2307.
Websitebaker2 Websitebaker 2.6.7
Lepton-cms Lepton
Websitebaker2 Websitebaker
NA
CVE-2020-24872
Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote malicious users to execute arbitrary code.
Lepton-cms Leptoncms 4.7.0
NA
CVE-2024-24399
An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated malicious users to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area.
Lepton-cms Leptoncms 7.0.0
312
VMScore
CVE-2020-29240
Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload in the URL field of the admin page and each time an admin visits the Menu-Pages-Pages Overview section, the XSS will be triggered.
Lepton-cms Leptoncms 4.7.0
NA
CVE-2024-24520
An issue in Lepton CMS v.7.0.0 allows a local malicious user to execute arbitrary code via the upgrade.php file in the languages place.
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started