CVE-2024-31828: Lavalite CMS Cross Site Scripting vulnerability

April 27, 2024 (updated April 30, 2024)

Cross Site Scripting vulnerability in Lavalite CMS v.10.1.0 allows attackers to execute arbitrary code and obtain sensitive information via a crafted payload to the URL.

References

github.com/LavaLite/cms
github.com/advisories/GHSA-5hcr-g32p-h74c
jinmu1108.github.io/uncategorized/CVE-2024-31828
nvd.nist.gov/vuln/detail/CVE-2024-31828

Code Behaviors & Features

Detect and mitigate CVE-2024-31828 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →