Vulnerability Details CVE-2020-12707
An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT elements.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.3%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2020-12707
-
cpe:2.3:a:lepton-cms:lepton_cms:4.5.0