2 matches found
CVE-2019-17434
LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen...
CVE-2019-17434
LavaLite CMS ≤ 5.7 is affected by a cross-site scripting (XSS) vulnerability triggered by a crafted account name on the Manage Clients screen. The root cause is mishandling/validation of client-side data in the web application (CVE-2019-17434). Some sources indicate exploitation may require admin...