CVE-2020-23234: Cross-site Scripting
(updated )
Cross Site Scripting (XSS) vulnerabiity exists in LavaLite CMS via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as “ontoggle,”.
References
Detect and mitigate CVE-2020-23234 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →