LavaLite CMS 5.8.0 Menu Blocks Feature XSS Vulnerability

LavaLite CMS 5.8.0 Menu Blocks Feature XSS Vulnerability

CVE-2020-23234 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Cross Site Scripting (XSS) vulnerabiity exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,".

Learn more about our Cms Pen Testing.