CVE-2020-23234
MEDIUM4.8EPSS 0.16%Cross Site Scripting in LavaLite CMS
Published: 8/9/2021Modified: 2/16/2024
Also known as:GHSA-v2f3-f8x4-m3w8
Description
Cross Site Scripting (XSS) vulnerabiity exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,".
Affected packages (1)
- Packagist/lavalite/cmsfrom 0, <= 5.8.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.8 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |