CVE-2020-36397

Name of the Vulnerable Software and Affected Versions: LavaLite version 5.8.0

Description: A stored cross site scripting (XSS) issue in the "/admin/contact/contact" API endpoint allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the New parameter. This enables attackers to potentially manipulate the web application's behavior.

Recommendations: For LavaLite version 5.8.0, consider disabling access to the "/admin/contact/contact" API endpoint until a patch is available, and restrict the use of the New parameter to minimize the risk of exploitation.