Cross-site Scripting Affecting lavalite/cms package, versions >=0.0.0


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

Exploit Maturity
Proof of concept
EPSS
0.04% (11th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Cross-site Scripting vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-PHP-LAVALITECMS-6730104
  • published30 Apr 2024
  • disclosed27 Apr 2024
  • creditF1sher

Introduced: 27 Apr 2024

CVE-2024-31828  (opens in a new tab)
CWE-79  (opens in a new tab)

How to fix?

There is no fixed version for lavalite/cms.

Overview

Affected versions of this package are vulnerable to Cross-site Scripting due to improper validation of user-supplied input. An attacker can transmit private data, redirect the victim to web content controlled by the attacker, or perform other malicious operations on the user’s machine under the guise of the vulnerable site.

References

CVSS Scores

version 3.1