Описание
Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload in the URL field of the admin page and each time an admin visits the Menu-Pages-Pages Overview section, the XSS will be triggered.
Ссылки
- ProductVendor Advisory
- ExploitThird Party AdvisoryVDB Entry
- ProductVendor Advisory
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:lepton-cms:leptoncms:4.7.0:*:*:*:*:*:*:*
EPSS
Процентиль: 51%
0.00275
Низкий
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload in the URL field of the admin page and each time an admin visits the Menu-Pages-Pages Overview section, the XSS will be triggered.
EPSS
Процентиль: 51%
0.00275
Низкий
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79