Show filters
4 Total Results
Displaying 1-4 of 4
Sort by:
Attacker Value
Unknown

CVE-2024-24399

Disclosure Date: January 25, 2024 (last updated April 01, 2024)
An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-24872

Disclosure Date: August 11, 2023 (last updated October 08, 2023)
Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote attackers to execute arbitrary code.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-29240

Disclosure Date: December 02, 2020 (last updated February 22, 2025)
Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload in the URL field of the admin page and each time an admin visits the Menu-Pages-Pages Overview section, the XSS will be triggered.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-12705

Disclosure Date: May 07, 2020 (last updated February 21, 2025)
Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS before 4.6.0.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0