CVE-2020-36396
The CVE refers to LavaLite 5.8.0, specifically a stored XSS in the /admin/roles/role component. An authenticated attacker can inject arbitrary web scripts/HTML via the New parameter, enabling script execution in the context of the logged-in user. The provided connected documents confirm the vulne...