Stored XSS in LavaLite 5.5 · CVE-2018-16551 · GitHub Advisory Database · GitHub

Stored XSS in LavaLite 5.5

Moderate severity GitHub Reviewed Published May 13, 2022 to the GitHub Advisory Database • Updated Jul 7, 2023

Package

lavalite/cms (Composer)

Affected versions

< 5.5

Patched versions

None

Description

LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit.

References

Published by the National Vulnerability Database

Sep 5, 2018

Published to the GitHub Advisory Database May 13, 2022

Last updated Jul 7, 2023

Reviewed Jul 7, 2023

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

Low

User interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N