Cross site scripting

2020-05-0720:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

40.7%

JSON

An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT elements.

CPENameOperatorVersion
lepton_cmseq4.5.0

CPE	Name	Operator	Version
	lepton_cms	eq	4.5.0

References

gitlab.com/lepton-cms/LEPTON/-/commit/52215f708395a329c9e17ea33bfc6762d4efccbb

0.001 Low

EPSS

Percentile

40.7%

JSON

Related for PRION:CVE-2020-12707