Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lavalite lavalite vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2019-17434
LavaLite up to and including 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen.
Lavalite Lavalite
3.5
CVSSv2
CVE-2020-36395
A stored cross site scripting (XSS) vulnerability in the /admin/user/team component of LavaLite 5.8.0 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter.
Lavalite Lavalite 5.8.0
3.5
CVSSv2
CVE-2020-36396
A stored cross site scripting (XSS) vulnerability in the /admin/roles/role component of LavaLite 5.8.0 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter.
Lavalite Lavalite 5.8.0
NA
CVE-2023-36983
LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.
Lavalite Lavalite 9.0.0
NA
CVE-2023-36984
LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.
Lavalite Lavalite 9.0.0
3.5
CVSSv2
CVE-2020-36397
A stored cross site scripting (XSS) vulnerability in the /admin/contact/contact component of LavaLite 5.8.0 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter.
Lavalite Lavalite 5.8.0
4.3
CVSSv2
CVE-2019-18883
XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field.
Lavalite Lavalite 5.7.0
3.5
CVSSv2
CVE-2020-23700
Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the Menu Links feature.
Lavalite Lavalite 5.8.0
NA
CVE-2022-42188
In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server.
Lavalite Lavalite 9.0.0
NA
CVE-2023-27237
LavaLite CMS v 9.0.0 exists to be vulnerable to a host header injection attack.
Lavalite Lavalite 9.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »