VYPR
Moderate severity · NVD Advisory · Published Jul 26, 2021 · Updated Aug 4, 2024

CVE-2020-23234

Description

Cross Site Scripting (XSS) vulnerability exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle".

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Stored XSS in LavaLite CMS 5.8.0 Menu Blocks allows authenticated attackers to inject arbitrary JavaScript via HTML event handlers like ontoggle.

Vulnerability

A stored Cross-Site Scripting (XSS) vulnerability exists in LavaLite CMS version 5.8.0 within the Menu Blocks feature. The application fails to properly sanitize user input in the block name field, allowing an authenticated attacker to bypass filters by using HTML event handlers such as ontoggle. This enables the injection of arbitrary JavaScript code that is stored and executed when the block is viewed [1][2].

Exploitation

An attacker with authenticated admin access can exploit this vulnerability by navigating to /admin/block/block, clicking "Categories", selecting a function, and pressing "New". In the "Name" field, the attacker inserts a payload like '><details/open/ontoggle=confirm(1337)> and saves the block. When the block preview is viewed, the injected event handler triggers the XSS [2].

Impact

Successful exploitation results in stored XSS, which can lead to the theft of sensitive data such as cookies and session tokens, redirection to attacker-controlled content, or other malicious actions performed in the context of the victim's browser session [2].

Mitigation

As of the available references, no official patch or fixed version has been disclosed for this vulnerability. Users are advised to monitor the LavaLite CMS project for updates and consider applying input validation or upgrading to a newer version if available [1][2].
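The following is an added illustration of the two controls the advisory points at (input validation on the block name and output encoding when the name is rendered); it is not LavaLite CMS code and does not reflect how the project's templates are written. It assumes a hypothetical block-name field that is meant to hold plain text, rendered both as element content and inside a quoted attribute, and it contrasts raw interpolation (the equivalent of Blade's {!! !!}) with contextual escaping (the equivalent of Blade's {{ }}). The escaping call mirrors what Laravel's e() helper does.

```php
<?php
// Added example, not LavaLite code: safe handling of an untrusted menu block name.
// Assumptions: the name is plain text (never markup), and it is rendered inside an
// HTML text node and inside a single-quoted attribute value.

declare(strict_types=1);

/** Encode untrusted text for an HTML text node or a quoted attribute value. */
function escapeHtml(string $text): string
{
    // ENT_QUOTES escapes both ' and ", so the value cannot close a single- or
    // double-quoted attribute; ENT_SUBSTITUTE replaces invalid UTF-8 instead of
    // returning an empty string. This is the same call Laravel's e() helper makes.
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Defence in depth: reject names containing markup characters at validation time. */
function isValidBlockName(string $name): bool
{
    if ($name === '' || mb_strlen($name, 'UTF-8') > 100) {
        return false;
    }
    // Letters, digits, spaces and a small set of punctuation; no < > " ' / = or
    // control characters, so an event-handler attribute cannot be expressed at all.
    return preg_match('/^[\p{L}\p{N} _\-.,()&]+$/u', $name) === 1;
}

/** Vulnerable rendering: raw interpolation, equivalent to Blade's {!! $name !!}. */
function renderBlockUnsafe(string $name): string
{
    return "<div class='block' title='{$name}'>{$name}</div>";
}

/** Hardened rendering: contextual escaping, equivalent to Blade's {{ $name }}. */
function renderBlockSafe(string $name): string
{
    $safe = escapeHtml($name);
    return "<div class='block' title='{$safe}'>{$safe}</div>";
}

// Constructed input: the payload string quoted in the advisory's Exploitation section.
$payload = "'><details/open/ontoggle=confirm(1337)>";

// Raw interpolation lets the leading quote close the title attribute and the rest of
// the string become a live <details> element with an ontoggle handler.
echo renderBlockUnsafe($payload), PHP_EOL;

// After escaping, every quote and angle bracket is an entity, so the browser renders
// the string as literal text and no element or attribute boundary is created.
echo renderBlockSafe($payload), PHP_EOL;

// The validator rejects the payload outright and accepts an ordinary block name.
var_dump(isValidBlockName($payload));
var_dump(isValidBlockName('Footer links'));
```

Output encoding is the control that actually closes this class of bug, because it is applied at the point where the text meets the HTML context; the allowlist validator is a second layer that also keeps the stored data clean. A denylist of known handler names (blocking "onerror" but not "ontoggle") is exactly the kind of filter the advisory describes being bypassed, which is why the validator above allows a character set rather than forbidding specific attributes.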

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                    Affected versions   Patched versions
lavalite/cms (Packagist)   <= 5.8.0

Affected products: 2

Patches: 0 (no patches discovered yet)

References: 3
