48 matches found
Cross site scripting
Lepton-CMS 4.7.0 is affected by cross-site scripting XSS. An attacker can inject the XSS payload in the URL field of the admin page and each time an admin visits the Menu-Pages-Pages Overview section, the XSS will be triggered...
CVE-2020-29240
CVE-2020-29240 concerns Lepton-CMS 4.7.0, where a cross-site scripting (XSS) vulnerability exists in the admin UI. The vulnerability allows an attacker to inject an XSS payload via the URL field accessed from the Menu-Pages-Pages Overview section; every time an admin visits that page, the payload...
CVE-2020-29240
Lepton-CMS 4.7.0 is affected by cross-site scripting XSS. An attacker can inject the XSS payload in the URL field of the admin page and each time an admin visits the Menu-Pages-Pages Overview section, the XSS will be triggered...
Lepton-CMS Cross-Site Scripting Vulnerability
LeptonCMS is a content management system CMS for the Lepton project. Lepton-CMS 4.7.0 suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject an XSS payload into the URL field of an administrative page, which is triggered whenever an administrator accesses...
LeptonCMS Cross-Site Scripting Vulnerability (CNVD-2020-35505)
LeptonCMS is a content management system CMS for the Lepton Project. A cross-site scripting vulnerability exists in the modules/wysiwyg/save.php file in LeptonCMS version 4.5.0. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can...
LEPTON 2.2.2 - SQL Injection
LEPTON 2.2.2 - SQL Injection Security Advisory - Curesec Research Team 1. Introduction Affected Product: LEPTON 2.2.2 stable Fixed in: 2.3.0 Fixed Version Link: http://www.lepton-cms.org/posts/ important-lepton-2.3.0-101.php Vendor Website: http://www.lepton-cms.org/ Vulnerability Type: SQL...
LEPTON 2.2.2 - SQL Injection
Security Advisory - Curesec Research Team 1. Introduction Affected Product: LEPTON 2.2.2 stable Fixed in: 2.3.0 Fixed Version Link: http://www.lepton-cms.org/posts/ important-lepton-2.3.0-101.php Vendor Website: http://www.lepton-cms.org/ Vulnerability Type: SQL Injection Remote Exploitable: Yes...
LEPTON 2.2.2 - Remote Code Execution
Security Advisory - Curesec Research Team 1. Introduction Affected Product: LEPTON 2.2.2 stable Fixed in: 2.3.0 Fixed Version Link: http://www.lepton-cms.org/posts/important-lepton-2.3.0-101.php Vendor Website: http://www.lepton-cms.org/ Vulnerability Type: Code Execution Remote Exploitable: Yes...
Lepton 2.2.2 Stable CSRF / Open Redirect / Password Handling Vulnerabilities
Lepton version 2.2.2 Stable suffers from password handling, insecure bruteforce protection, cross site request forgery, and open redirection vulnerabilities. 1. Introduction Affected Product: LEPTON 2.2.2 stable Fixed in: 2.3.0 Fixed Version http://www.lepton-cms.org/posts/ Link:...
Lepton 2.2.2 Stable SQL Injection Vulnerability
Lepton version 2.2.2 Stable suffers from remote SQL injection vulnerabilities. 1. Introduction Affected Product: LEPTON 2.2.2 stable Fixed in: 2.3.0 Fixed Version Link: http://www.lepton-cms.org/posts/ important-lepton-2.3.0-101.php Vendor Website: http://www.lepton-cms.org/ Vulnerability Type: S...
Lepton 2.2.2 Stable Shell Upload Vulnerability
Lepton version 2.2.2 Stable suffers from a remote code execution vulnerability via a remote shell upload. 1. Introduction Affected Product: LEPTON 2.2.2 stable Fixed in: 2.3.0 Fixed Version Link: http://www.lepton-cms.org/posts/ important-lepton-2.3.0-101.php Vendor Website:...
Lepton 2.2.2 Stable SQL Injection
Security Advisory - Curesec Research Team 1. Introduction Affected Product: LEPTON 2.2.2 stable Fixed in: 2.3.0 Fixed Version Link: http://www.lepton-cms.org/posts/ important-lepton-2.3.0-101.php Vendor Website: http://www.lepton-cms.org/ Vulnerability Type: SQL Injection Remote Exploitable: Yes...
Lepton 2.2.2 Stable CSRF / Open Redirect / Password Handling
Security Advisory - Curesec Research Team 1. Introduction Affected Product: LEPTON 2.2.2 stable Fixed in: 2.3.0 Fixed Version http://www.lepton-cms.org/posts/ Link: important-lepton-2.3.0-101.php Vendor Website: http://www.lepton-cms.org/ Vulnerability CSRF, Open Redirect, Insecure Bruteforce...
Lepton CMS 2.2.0 / 2.2.1 Directory Traversal
Credits: John Page HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/LEPTON-ARCHIVE-DIRECTORY-TRAVERSAL.txt + ISR: ApparitionSec Vendor: ================== www.lepton-cms.org Product: ================================= Lepton CMS 2.2.0 / 2.2.1...
Lepton CMS 2.2.02.2.1 - Directory Traversal
Lepton CMS 2.2.02.2.1 - Directory Traversal + Credits: John Page HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/LEPTON-ARCHIVE-DIRECTORY-TRAVERSAL.txt + ISR: ApparitionSec Vendor: ================== www.lepton-cms.org Product:...
Lepton CMS 2.2.0 / 2.2.1 - PHP Code Injection
Exploit for php platform in category web applications + Credits: John Page HYP3RLINX Vendor: ================== www.lepton-cms.org Product: ================================= Lepton CMS 2.2.0 / 2.2.1 update LEPTON is an easy-to-use but full customizable Content Management System CMS. Vulnerability...
Lepton CMS 2.2.0 / 2.2.1 - Directory Traversal
Exploit for php platform in category web applications + Credits: John Page HYP3RLINX Vendor: ================== www.lepton-cms.org Product: ================================= Lepton CMS 2.2.0 / 2.2.1 update LEPTON is an easy-to-use but full customizable Content Management System CMS. Vulnerability...
Lepton CMS 2.2.0 / 2.2.1 PHP Code Injection
Credits: John Page HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/LEPTON-PHP-CODE-INJECTION.txt + ISR: ApparitionSec Vendor: ================== www.lepton-cms.org Product: ================================= Lepton CMS 2.2.0 / 2.2.1 update LEPTON...
Lepton CMS 2.2.02.2.1 - PHP Code Injection
Lepton CMS 2.2.02.2.1 - PHP Code Injection + Credits: John Page HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/LEPTON-PHP-CODE-INJECTION.txt + ISR: ApparitionSec Vendor: ================== www.lepton-cms.org Product:...
Lepton CMS 2.2.0/2.2.1 - Directory Traversal
Credits: John Page HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/LEPTON-ARCHIVE-DIRECTORY-TRAVERSAL.txt + ISR: ApparitionSec Vendor: ================== www.lepton-cms.org Product: ================================= Lepton CMS 2.2.0 / 2.2.1...