CVE-2020-12707

Posted on by admin

CVE-2020-12707

An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT elements.

Source: CVE-2020-12707

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다