PT-2018-13627 · Lavalite · Lavalite

Honnycyo

·

Publicado

2018-09-05

·

Atualizado

2022-05-13

·

CVE-2018-16551

CVSS v3.1

5.4

Média

VetorAV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions LavaLite version 5.5
Description The issue is related to a Cross-Site Scripting (XSS) problem. It can be triggered via the /edit URI, as demonstrated by the example client/job/job/Zy8PWBekrJ/edit.
Recommendations For LavaLite version 5.5, consider restricting access to the /edit URI until a patch is available. As a temporary workaround, avoid using the /edit endpoint to minimize the risk of exploitation.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2018-16551
GHSA-PXXP-283V-XPQ5

Produtos afetados

Lavalite