CVE-2017-16904

Publication date

2017-11-20 19:00:00

Family

mitre

State

PUBLISHED

Description

The Public tologin feature in admin.php in LvyeCMS through 3.1 allows XSS via a crafted username that is mishandled during later log viewing by an administrator.