Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.
AnalysisAI
LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure. Affected products include: Lavalite.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges (User rol
In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary file
Cross Site Scripting vulnerability in Lavalite CMS v.10.1.0 allows attackers to execute arbitrary code and obtain sensit
XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field. Rated medium severity (CVSS 6.1), this v
LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning. Rated critical severity (CVSS 9.8), this vu
LavaLite v9.0.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is rem
LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen. Rated medium se
LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit. Rated medium severity (CVSS 5.4
LavaLite CMS versions up to and including 10.1.0 contain a stored cross-site scripting vulnerability in the package crea
LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure. Rated high severity (CVSS 7.5), this vulnerability is rem
LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack. Rated medium severity (CVSS 6.1)
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today