GHSA-v2f3-f8x4-m3w8

Source

https://github.com/advisories/GHSA-v2f3-f8x4-m3w8

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-v2f3-f8x4-m3w8/GHSA-v2f3-f8x4-m3w8.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-v2f3-f8x4-m3w8

Aliases

CVE-2020-23234

Published

2021-08-09T20:38:54Z

Modified

2024-02-16T08:19:41.911731Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Cross Site Scripting in LavaLite CMS

Details

Cross Site Scripting (XSS) vulnerabiity exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,".

Database specific

{
    "nvd_published_at": "2021-07-26T20:15:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-02T21:50:55Z"
}

References

Affected packages

Packagist / lavalite/cms

Package

Name: lavalite/cms
Purl: pkg:composer/lavalite/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.8.0

Affected versions

v5.*

v5.0.0

v5.1.0

v5.1.1

v5.2.0

v5.2.1

v5.2.2

v5.2.3

v5.2.4

v5.3.0

v5.3.1

v5.3.2

v5.3.3

v5.3.4

v5.3.5

v5.3.6

v5.3.7

v5.4.0

v5.4.1

v5.4.2

v5.4.3

v5.4.4

v5.4.5

v5.8.0

5.*

5.5.0

5.5.1

5.5.2

5.5.3

5.5.4

5.5.5

5.5.6

5.5.7

5.5.8

5.5.9

5.6.1

5.6.2

5.7.0

5.7.1

5.7.2

5.7.3

5.7.4