Multiple cross-site scripting (XSS) vulnerabilities in LEPTON 1.1.3 and other versions prior to 1.1.4 allow remote malicious users to inject arbitrary web script or HTML via the (1) message parameter to admins/login/forgot/index.php, or the (2) display_name or (3) email parameter to account/preferences.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
lepton-cms lepton 1.1.1 |
||
lepton-cms lepton |
||
lepton-cms lepton 1.1.2 |
||
lepton-cms lepton 1.1.0 |