VYPR

LeptonCMS

by Lepton CMS

CVEs (3)

  • CVE-2020-12705MedMay 7, 2020
    risk 0.40cvss 6.1epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS before 4.6.0.

  • CVE-2020-12707MedMay 7, 2020
    risk 0.03cvss 6.1epss 0.01

    An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT…

  • CVE-2025-56704Dec 9, 2025
    risk 0.00cvss epss 0.01

    LeptonCMS version 7.3.0 contains an arbitrary file upload vulnerability, which is caused by the lack of proper validation for uploaded files. An authenticated attacker can exploit this vulnerability by uploading a specially crafted ZIP/PHP file to execute arbitrary code.