Moderate severityNVD Advisory· Published Apr 14, 2021· Updated Aug 4, 2024
CVE-2020-28124
CVE-2020-28124
Description
Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
lavalite/cmsPackagist | < 7.0.1 | 7.0.1 |
Affected products
2- LavaLite/LavaLitedescription
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-6r6h-vhg7-53x7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-28124ghsaADVISORY
- github.com/418sec/cms/pull/1ghsaWEB
- github.com/418sec/huntr/tree/staging/bounties/packagist/lavalite/cms/3mitrex_refsource_MISC
- github.com/LavaLite/cms/pull/339ghsaWEB
- github.com/LavaLite/cms/pull/339/commits/fe5e71c34d37a601e6208f671e34f04b56e3a02dghsaWEB
News mentions
0No linked articles in our index yet.