Headline
CVE-2020-24872: news around LEPTON
Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote attackers to execute arbitrary code.
NEW Security Release LEPTON 4.7.0.
This is again a Security Bugfix. Two days after release of LEPTON 4.6.0 Trung Thanh Le From baomatcoban.info informed us, that the fixes in 4.6.0 are not strong enough.
That’s why we have to release LEPTON 4.7.0 as a Hotfix.
Furtermore please note, that the Droplet "ShowSection is not working from 4.6.0, please use the current Droplet Sectionpicker from LEPAdoR
We are sorry for this inconvinience and ask you strongly to update to LEPTON 4.7.0.
Version 4.7.0 stable is available on Downloadpage and also a mobile Version can be downloaded.
Upgrade to LEPTON 4.7.0 is possible .
Back