← Back

Lepton Cms

lepton_cms

Vendor: Lepton Cms • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-12707
1Lepton Cms
1Lepton Cms
Nov 21, 2024
May 7, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML eve...Show more
An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT elements.Show less