Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Lavalite
(Lavalite)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 16 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-08-01 | CVE-2023-36983 | LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure. | Lavalite | 7.5 | ||
| 2023-08-01 | CVE-2023-36984 | LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure. | Lavalite | 7.5 | ||
| 2023-05-18 | CVE-2023-30124 | LavaLite v9.0.0 is vulnerable to Cross Site Scripting (XSS). | Lavalite | 5.4 | ||
| 2023-05-12 | CVE-2023-27237 | LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack. | Lavalite | 6.1 | ||
| 2023-05-12 | CVE-2023-27238 | LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning. | Lavalite | 9.8 | ||
| 2022-10-18 | CVE-2022-42188 | In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. | Lavalite | 7.5 | ||
| 2021-07-26 | CVE-2020-23234 | Cross Site Scripting (XSS) vulnerabiity exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,". | Lavalite | 4.8 | ||
| 2021-07-07 | CVE-2020-23700 | Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the Menu Links feature. | Lavalite | 4.8 | ||
| 2021-07-02 | CVE-2020-36395 | A stored cross site scripting (XSS) vulnerability in the /admin/user/team component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. | Lavalite | 5.4 | ||
| 2021-07-02 | CVE-2020-36396 | A stored cross site scripting (XSS) vulnerability in the /admin/roles/role component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. | Lavalite | 5.4 |