MEDIUM
LavaLite
CVE published 2026-01-23
CVE-2025-71177
CVE-2025-71177 is a stored cross-site scripting (XSS) vulnerability affecting LavaLite CMS versions up to and including 10.1.0. The vulnerability exists in the package creation and search functionality, allowing authenticated users to inject malicious HTML or JavaScript in package Name or Description fields. This injected script is stored and later rendered without proper output encoding in package search [truncated]