Skip to main content

Lavalite CVE-2018-16551

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2018-09-05 cve@mitre.org
5.4
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 05, 2018 - 22:29 nvd
MEDIUM 5.4

DescriptionNVD

LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit.

AnalysisAI

LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit. Affected products include: Lavalite.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2025-70866 HIGH POC
8.8 Feb 13

LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges (User rol

CVE-2022-42188 HIGH POC
7.5 Oct 18

In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary file

CVE-2024-31828 MEDIUM POC
6.1 Apr 26

Cross Site Scripting vulnerability in Lavalite CMS v.10.1.0 allows attackers to execute arbitrary code and obtain sensit

CVE-2019-18883 MEDIUM POC
6.1 Nov 13

XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field. Rated medium severity (CVSS 6.1), this v

CVE-2023-27238 CRITICAL
9.8 May 12

LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning. Rated critical severity (CVSS 9.8), this vu

CVE-2023-30124 MEDIUM POC
5.4 May 18

LavaLite v9.0.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is rem

CVE-2019-17434 MEDIUM POC
5.4 Oct 10

LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen. Rated medium se

CVE-2025-71177 MEDIUM POC
5.1 Jan 23

LavaLite CMS versions up to and including 10.1.0 contain a stored cross-site scripting vulnerability in the package crea

CVE-2023-36984 HIGH
7.5 Aug 01

LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure. Rated high severity (CVSS 7.5), this vulnerability is rem

CVE-2023-36983 HIGH
7.5 Aug 01

LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure. Rated high severity (CVSS 7.5), this vulnerability is rem

CVE-2023-27237 MEDIUM
6.1 May 12

LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack. Rated medium severity (CVSS 6.1)

Share

CVE-2018-16551 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy