2 matches found
CVE-2020-23234
CVE-2020-23234 affects LavaLite CMS 5.8.0 (Menu Blocks feature) with a Cross-Site Scripting (XSS) vulnerability that can be bypassed using HTML event handlers such as ontoggle. The available connected sources confirm the product, version, and the XSS in this component, along with the described by...
CVE-2020-23700
CVE-2020-23700 affects LavaLite-CMS 5.8.0, with a Cross-Site Scripting (XSS) vulnerability exposed via the Menu Links feature. The issue is documented across multiple feeds (NVD, Red Hat advisory, OSV, GHSA, CNVD, Veracode, etc.), consistently describing user-controllable script execution through...