📦 Lavalite

LavaLite CMS v9.0.0 contains a web cache poisoning vulnerability that allows attackers to inject malicious content into web caches. This can lead to users receiving poisoned content when accessing cac...

LavaLite CMS 10.1.0 has an access control vulnerability where authenticated users with low-level privileges can bypass role restrictions and access the admin backend. This occurs because the admin and...

LavaLite CMS v9.0.0 contains a sensitive data exposure vulnerability that allows attackers to access confidential information without proper authentication. This affects all installations running the ...

LavaLite CMS versions up to 10.1.0 contain a stored cross-site scripting vulnerability where authenticated users can inject malicious scripts into package Name or Description fields. These scripts exe...