An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages...
7.2CVSS
7.2AI Score
0.001EPSS
Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote attackers to execute arbitrary...
6.1CVSS
6.1AI Score
0.001EPSS
Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload in the URL field of the admin page and each time an admin visits the Menu-Pages-Pages Overview section, the XSS will be...
4.8CVSS
4.8AI Score
0.001EPSS
6.1CVSS
6.1AI Score
0.001EPSS