lavalite 漏洞與 CVE 列表(19)

產品(CPE): — CVE 數: 19

lavalite 漏洞概覽

彙總 lavalite 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。

已披露問題常與 跨站腳本與路徑處理缺陷 相關,可能在 生產負載與軟體部署 場景中帶來 工作階段劫持與檔案覆寫 等暴露風險。

相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。

漏洞分布趨勢(近 24 個月)

顯示 11919 CVE 數
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2025-70866 LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges (User role) can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider without role-based access control verification. [email protected] 8.8 0.45% 2026-02-13 2026-06-17
CVE-2025-71177 LavaLite CMS versions up to and including 10.1.0 contain a stored cross-site scripting vulnerability in the package creation and search functionality. Authenticated users can supply crafted HTML or JavaScript in the package Name or Description fields that is stored and later rendered without proper output encoding in package search results. When other users view search results that include the malicious package, the injected script executes in their browsers, potentially enabling session hijacki [email protected] 5.1 0.20% 2026-01-23 2026-07-14
CVE-2024-31828 Cross Site Scripting vulnerability in Lavalite CMS v.10.1.0 allows attackers to execute arbitrary code and obtain sensitive information via a crafted payload to the URL. [email protected] 6.1 0.50% 2024-04-26 2026-06-17
CVE-2023-36984 LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure. [email protected] 7.5 0.59% 2023-07-31 2026-06-17
CVE-2023-36983 LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure. [email protected] 7.5 0.59% 2023-07-31 2026-06-17
CVE-2023-30124 LavaLite v9.0.0 is vulnerable to Cross Site Scripting (XSS). [email protected] 5.4 0.38% 2023-05-17 2026-06-17
CVE-2023-27238 LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning. [email protected] 9.8 0.87% 2023-05-12 2026-06-17
CVE-2023-27237 LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack. [email protected] 6.1 0.59% 2023-05-12 2026-07-08
CVE-2022-42188 In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. [email protected] 7.5 0.94% 2022-10-18 2026-06-17
CVE-2020-23234 Cross Site Scripting (XSS) vulnerabiity exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,". [email protected] 4.8 0.62% 2021-07-26 2026-06-16
CVE-2020-23700 Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the Menu Links feature. [email protected] 4.8 0.59% 2021-07-07 2026-06-16
CVE-2020-36397 A stored cross site scripting (XSS) vulnerability in the /admin/contact/contact component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. [email protected] 5.4 0.51% 2021-07-02 2026-06-16
CVE-2020-36396 A stored cross site scripting (XSS) vulnerability in the /admin/roles/role component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. [email protected] 5.4 0.50% 2021-07-02 2026-06-16
CVE-2020-36395 A stored cross site scripting (XSS) vulnerability in the /admin/user/team component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. [email protected] 5.4 0.51% 2021-07-02 2026-06-16
CVE-2020-28124 Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field. [email protected] 5.4 0.52% 2021-04-14 2026-06-16
CVE-2019-18883 XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field. [email protected] 6.1 0.87% 2019-11-13 2026-06-16
CVE-2019-17434 LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen. [email protected] 5.4 0.60% 2019-10-10 2026-06-16
CVE-2018-16551 LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit. [email protected] 5.4 0.67% 2018-09-05 2026-06-16
CVE-2017-1000467 LavaLite version 5.2.4 is vulnerable to stored cross-site scripting vulnerability, within the blog creation page, which can result in disruption of service and execution of javascript code. [email protected] 5.4 0.73% 2018-01-03 2026-06-16
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
cvelogic Threat Intelligence