LeptonCMS
by Lepton CMS
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-12705 | Med | 0.40 | 6.1 | 0.01 | May 7, 2020 | Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS before 4.6.0. | ||
| CVE-2020-12707 | Med | 0.03 | 6.1 | 0.01 | May 7, 2020 | An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT… | ||
| CVE-2025-56704 | 0.00 | — | 0.01 | Dec 9, 2025 | LeptonCMS version 7.3.0 contains an arbitrary file upload vulnerability, which is caused by the lack of proper validation for uploaded files. An authenticated attacker can exploit this vulnerability by uploading a specially crafted ZIP/PHP file to execute arbitrary code. |
- risk 0.40cvss 6.1epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS before 4.6.0.
- risk 0.03cvss 6.1epss 0.01
An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT…
- CVE-2025-56704Dec 9, 2025risk 0.00cvss —epss 0.01
LeptonCMS version 7.3.0 contains an arbitrary file upload vulnerability, which is caused by the lack of proper validation for uploaded files. An authenticated attacker can exploit this vulnerability by uploading a specially crafted ZIP/PHP file to execute arbitrary code.