2 matches found
CVE-2017-16904
The CVE concerns LvyeCMS (admin.php, Public tologin) up to version 3.1 where a crafted username enables cross-site scripting. The underlying cause is mishandling of the username during admin log viewing, allowing an attacker to inject Web script/HTML that is executed in an administrator’s view. S...
CVE-2017-16904
The Public tologin feature in admin.php in LvyeCMS through 3.1 allows XSS via a crafted username that is mishandled during later log viewing by an administrator...