CVE-2019-18883
CVE-2019-18883 is a stored XSS in Lavalite CMS version 5.7, exploitable via the admin/profile name or designation field. The root cause is a vulnerability in Lavalite’s web application code that allows injection of JavaScript into profile fields (as demonstrated by the historical exploit examples...