Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lavalite lavalite vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2019-17434
LavaLite up to and including 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen.
Lavalite Lavalite
383
VMScore
CVE-2019-18883
XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field.
Lavalite Lavalite 5.7.0
NA
CVE-2022-42188
In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server.
Lavalite Lavalite 9.0.0
312
VMScore
CVE-2018-16551
LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit.
Lavalite Lavalite 5.5.0
NA
CVE-2023-27237
LavaLite CMS v 9.0.0 exists to be vulnerable to a host header injection attack.
Lavalite Lavalite 9.0.0
NA
CVE-2023-30124
LavaLite v9.0.0 is vulnerable to Cross Site Scripting (XSS).
Lavalite Lavalite 9.0.0
312
VMScore
CVE-2020-28124
Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field.
Lavalite Lavalite 5.8.0
NA
CVE-2023-36983
LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.
Lavalite Lavalite 9.0.0
NA
CVE-2023-36984
LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.
Lavalite Lavalite 9.0.0
312
VMScore
CVE-2020-36396
A stored cross site scripting (XSS) vulnerability in the /admin/roles/role component of LavaLite 5.8.0 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter.
Lavalite Lavalite 5.8.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »