Cross Site Scripting (XSS) vulnerabiity exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as “ontoggle,”.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23234
Reference (s):
- https://github.com/LavaLite/cms/issues/320