PT-2020-17117 · Lepton · Leptoncms

Sagar Banwa · Published 2020-12-02 · Updated 2020-12-02 · CVE-2020-29240

CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Lepton-CMS version 4.7.0

Description: The issue is a cross-site scripting (XSS) vulnerability. An attacker can inject an XSS payload into the URL field of the admin page, and the payload is triggered each time an administrator visits the Menu > Pages > Pages Overview section.

Recommendations: For Lepton-CMS version 4.7.0, as a temporary workaround, restrict access to the admin page and to the Menu > Pages > Pages Overview section to minimize the risk of exploitation, and avoid using the URL field in the admin page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

XSS

Related Identifiers: CVE-2020-29240

Affected Products: Leptoncms