CVE-2020-23234: Cross-site Scripting

July 26, 2021 (updated July 30, 2021)

Cross Site Scripting (XSS) vulnerabiity exists in LavaLite CMS via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as “ontoggle,”.

References

nvd.nist.gov/vuln/detail/CVE-2020-23234

Code Behaviors & Features

Detect and mitigate CVE-2020-23234 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →