Lavalite: Security Vulnerabilities
A stored cross site scripting (XSS) vulnerability in the /admin/roles/role component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-02
A stored cross site scripting (XSS) vulnerability in the /admin/contact/contact component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-02
Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-04-14
XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-11-13
LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-10-10
LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-09-05
LavaLite version 5.2.4 is vulnerable to stored cross-site scripting vulnerability, within the blog creation page, which can result in disruption of service and execution of javascript code.
CVSS Score
5.4
EPSS Score
0.003
Published
2018-01-03
Page 2