Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lavalite lavalite vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2020-36396
A stored cross site scripting (XSS) vulnerability in the /admin/roles/role component of LavaLite 5.8.0 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter.
Lavalite Lavalite 5.8.0
3.5
CVSSv2
CVE-2020-36397
A stored cross site scripting (XSS) vulnerability in the /admin/contact/contact component of LavaLite 5.8.0 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter.
Lavalite Lavalite 5.8.0
3.5
CVSSv2
CVE-2020-28124
Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field.
Lavalite Lavalite 5.8.0
4.3
CVSSv2
CVE-2019-18883
XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field.
Lavalite Lavalite 5.7.0
3.5
CVSSv2
CVE-2019-17434
LavaLite up to and including 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen.
Lavalite Lavalite
3.5
CVSSv2
CVE-2018-16551
LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit.
Lavalite Lavalite 5.5.0
3.5
CVSSv2
CVE-2017-1000467
LavaLite version 5.2.4 is vulnerable to stored cross-site scripting vulnerability, within the blog creation page, which can result in disruption of service and execution of javascript code.
Lavalite Lavalite 5.2.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2