Cross Site Scripting in LavaLite CMS
Moderate severity
GitHub Reviewed
Published
Aug 9, 2021
to the GitHub Advisory Database
•
Updated Jul 6, 2023
Description
Published by the National Vulnerability Database
Jul 26, 2021
Reviewed
Aug 2, 2021
Published to the GitHub Advisory Database
Aug 9, 2021
Last updated
Jul 6, 2023
Cross Site Scripting (XSS) vulnerabiity exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,".
References