pkg:Packagist/lavalite/cms

All known vulnerabilities

• CRITICAL9.8CVE-2023-27238LavaLite vulnerable to web cache poisoning
  from 0, <= 9.0.0
• HIGH7.5CVE-2022-42188Lavalite vulnerable to Arbitrary File Read via Directory Traversal
• MEDIUM6.1CVE-2024-31828Lavalite CMS Cross Site Scripting vulnerability
• MEDIUM6.1LavaLite CMS vulnerable to host header injection attack
  from 0, <= 9.0.0
• MEDIUM5.4LavaLite vulnerable to Cross Site Scripting
  from 0, <= 9.0.0
• MEDIUM5.4LavaLite Stored Cross-site Scripting vulnerability
  from 0, <= 5.8.0
• MEDIUM5.4Stored XSS in LavaLite 5.8.0
  from 0, <= 5.8.0
• MEDIUM5.4Stored XSS in LavaLite 5.8.0
  from 0, < 5.8.0
• MEDIUM5.4Cross Site Scripting (XSS) in LavaLite 5.8.0
  from 0, < 7.0.1
• MEDIUM5.4Stored XSS in LavaLite 5.2.4
  from 0, <= 5.2.4
• MEDIUM5.4Stored XSS in LavaLite 5.5
  from 0
• MEDIUM4.8Cross-site scripting in LavaLite-CMS
  from 0, <= 5.8.0
• MEDIUM4.8Cross Site Scripting in LavaLite CMS
  from 0, <= 5.8.0
• —LavaLite CMS affected by a stored cross-site scripting vulnerability
  from 0, <= 10.1.0