CVE-2017-16904

2017-11-20T19:29:00
ID CVE-2017-16904
Type cve
Reporter cve@mitre.org
Modified 2017-12-12T15:32:00

Description

The Public tologin feature in admin.php in LvyeCMS through 3.1 allows XSS via a crafted username that is mishandled during later log viewing by an administrator.