Cross-Site Scripting Vulnerabilities in LEPTON CMS by Lepton
CVE-2012-1000

Currently unrated

Key Information:

Vendor: Lepton-cms
Status: Lepton
Vendor: CVE Published:; 24 February 2012

What is CVE-2012-1000?

LEPTON CMS versions prior to 1.1.4 are susceptible to multiple cross-site scripting flaws. Attackers can exploit these vulnerabilities by injecting arbitrary scripts through the message parameter in admins/login/forgot/index.php and through display_name or email parameters in account/preferences.php. This exploitation can lead to unauthorized actions or data exposure, presenting significant risks to users and system integrity.

References

http://www.lepton-cms.org/media/changelog/changelog_1.1.4...

x_refsource_CONFIRM

http://www.lepton-cms.org/posts/security-release-lepton-1...

x_refsource_CONFIRM

https://www.htbridge.ch/advisory/HTB23072

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Feb 24, 2012

Lepton-cms

What is CVE-2012-1000?

References

Timeline