CVE-2020-23234 lavalite/cms

Package

Manager: composer
Name: lavalite/cms
Vulnerable Version: >=0 <=5.8.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0016 (percentile: 0.37466)

Details

Cross Site Scripting in LavaLite CMS

A Cross Site Scripting (XSS) vulnerability exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle".

Metadata

Created: 2021-08-09T20:38:54Z
Modified: 2023-07-06T21:32:19Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-v2f3-f8x4-m3w8/GHSA-v2f3-f8x4-m3w8.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-v2f3-f8x4-m3w8
Finding: F425
Auto approve: 1