CVE-2020-28124: Cross-site Scripting

April 14, 2021 (updated April 19, 2021)

LavaLite is vulnerable to Cross Site Scripting (XSS) via the Address field.

References

github.com/418sec/huntr/tree/staging/bounties/packagist/lavalite/cms/3
nvd.nist.gov/vuln/detail/CVE-2020-28124

Code Behaviors & Features

Detect and mitigate CVE-2020-28124 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →