Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS before 4.6.0.
6.1CVSS
6.1AI Score
0.001EPSS
Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote attackers to execute arbitrary code.
6.1CVSS
6.1AI Score
0.001EPSS
Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload in the URL field of the admin page and each time an admin visits the Menu-Pages-Pages Overview section, the XSS will be triggered.
4.8CVSS
4.8AI Score
0.001EPSS
An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area.
7.2CVSS
7.2AI Score
0.001EPSS