CVE-2020-29240

MEDIUM

Lepton-CMS 4.7.0 - XSS

Title source: llm

Description

Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload in the URL field of the admin page and each time an admin visits the Menu-Pages-Pages Overview section, the XSS will be triggered.

Exploits (1)

exploitdb WORKING POC

by Sagar Banwa · textwebappsphp

https://www.exploit-db.com/exploits/49137

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/49137

[Product, Vendor Advisory] https://lepton-cms.org/english/home.php

Scores

CVSS v3 4.8

EPSS 0.0027

EPSS Percentile 50.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

lepton-cms/leptoncms 4.7.0

Published Dec 02, 2020

Tracked Since Feb 18, 2026