GHSA-v2f3-f8x4-m3w8

Source

https://github.com/advisories/GHSA-v2f3-f8x4-m3w8

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-v2f3-f8x4-m3w8/GHSA-v2f3-f8x4-m3w8.json

Aliases

CVE-2020-23234

Published

2021-08-09T20:38:54Z

Modified

2024-02-16T08:19:41.911731Z

Details

Cross Site Scripting (XSS) vulnerabiity exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,".

References

https://nvd.nist.gov/vuln/detail/CVE-2020-23234
https://github.com/LavaLite/cms/issues/320

Affected packages

Packagist / lavalite/cms

Package

Name: lavalite/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Last affected

5.8.0

Affected versions

v5.*

v5.0.0

v5.1.0

v5.1.1

v5.2.0

v5.2.1

v5.2.2

v5.2.3

v5.2.4

v5.3.0

v5.3.1

v5.3.2

v5.3.3

v5.3.4

v5.3.5

v5.3.6

v5.3.7

v5.4.0

v5.4.1

v5.4.2

v5.4.3

v5.4.4

v5.4.5

v5.8.0

5.*

5.5.0

5.5.1

5.5.2

5.5.3

5.5.4

5.5.5

5.5.6

5.5.7

5.5.8

5.5.9

5.6.1

5.6.2

5.7.0

5.7.1

5.7.2

5.7.3

5.7.4