Product:

Lavalite

(Lavalite)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 16
Date Id Summary Products Score Patch Annotated
2022-10-18 CVE-2022-42188 In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. Lavalite 7.5
2023-05-12 CVE-2023-27238 LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning. Lavalite 9.8
2023-05-12 CVE-2023-27237 LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack. Lavalite 6.1
2023-05-18 CVE-2023-30124 LavaLite v9.0.0 is vulnerable to Cross Site Scripting (XSS). Lavalite 5.4
2021-04-14 CVE-2020-28124 Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field. Lavalite 5.4
2021-07-02 CVE-2020-36395 A stored cross site scripting (XSS) vulnerability in the /admin/user/team component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. Lavalite 5.4
2021-07-02 CVE-2020-36396 A stored cross site scripting (XSS) vulnerability in the /admin/roles/role component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. Lavalite 5.4
2021-07-02 CVE-2020-36397 A stored cross site scripting (XSS) vulnerability in the /admin/contact/contact component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. Lavalite 5.4
2021-07-07 CVE-2020-23700 Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the Menu Links feature. Lavalite 4.8
2021-07-26 CVE-2020-23234 Cross Site Scripting (XSS) vulnerabiity exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,". Lavalite 4.8