Описание
Stored XSS in LavaLite 5.8.0
A stored cross site scripting (XSS) vulnerability in the /admin/user/team component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter.
Пакеты
Наименование
lavalite/cms
composer
Затронутые версииВерсия исправления
< 5.8.0
5.8.0
Связанные уязвимости
CVSS3: 5.4
nvd
больше 4 лет назад
A stored cross site scripting (XSS) vulnerability in the /admin/user/team component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter.