CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Lepton-Cms: >> Lepton Cms Security Vulnerabilities

CVE-2020-12707

An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT elements.

CVSS Score

6.1

EPSS Score

0.004

Published

2020-05-07

Page 1

Vulnerabilities

Vulnerable Software

Lepton-Cms: >> Lepton Cms Security Vulnerabilities

Products

Pricing

Contact Us