Vulnerabilities (CVE)

Filtered by vendor Lavalite Subscribe
Filtered by product Lavalite
Total 16 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-36984 1 Lavalite 1 Lavalite 2024-11-21 N/A 7.5 HIGH
LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.
CVE-2023-36983 1 Lavalite 1 Lavalite 2024-11-21 N/A 7.5 HIGH
LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.
CVE-2023-30124 1 Lavalite 1 Lavalite 2024-11-21 N/A 5.4 MEDIUM
LavaLite v9.0.0 is vulnerable to Cross Site Scripting (XSS).
CVE-2023-27238 1 Lavalite 1 Lavalite 2024-11-21 N/A 9.8 CRITICAL
LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning.
CVE-2023-27237 1 Lavalite 1 Lavalite 2024-11-21 N/A 6.1 MEDIUM
LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack.
CVE-2022-42188 1 Lavalite 1 Lavalite 2024-11-21 N/A 7.5 HIGH
In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server.
CVE-2020-36397 1 Lavalite 1 Lavalite 2024-11-21 3.5 LOW 5.4 MEDIUM
A stored cross site scripting (XSS) vulnerability in the /admin/contact/contact component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter.
CVE-2020-36396 1 Lavalite 1 Lavalite 2024-11-21 3.5 LOW 5.4 MEDIUM
A stored cross site scripting (XSS) vulnerability in the /admin/roles/role component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter.
CVE-2020-36395 1 Lavalite 1 Lavalite 2024-11-21 3.5 LOW 5.4 MEDIUM
A stored cross site scripting (XSS) vulnerability in the /admin/user/team component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter.
CVE-2020-28124 1 Lavalite 1 Lavalite 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field.
CVE-2020-23700 1 Lavalite 1 Lavalite 2024-11-21 3.5 LOW 4.8 MEDIUM
Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the Menu Links feature.
CVE-2020-23234 1 Lavalite 1 Lavalite 2024-11-21 3.5 LOW 4.8 MEDIUM
Cross Site Scripting (XSS) vulnerabiity exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,".
CVE-2019-18883 1 Lavalite 1 Lavalite 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field.
CVE-2019-17434 1 Lavalite 1 Lavalite 2024-11-21 3.5 LOW 5.4 MEDIUM
LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen.
CVE-2018-16551 1 Lavalite 1 Lavalite 2024-11-21 3.5 LOW 5.4 MEDIUM
LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit.
CVE-2017-1000467 1 Lavalite 1 Lavalite 2024-11-21 3.5 LOW 5.4 MEDIUM
LavaLite version 5.2.4 is vulnerable to stored cross-site scripting vulnerability, within the blog creation page, which can result in disruption of service and execution of javascript code.