source: https://www.securityfocus.com/bid/52026/info
LEPTON is prone to multiple input-validation vulnerabilities, including:
1. A cross-site scripting vulnerability
2. An SQL-injection vulnerability
3. A local file-include vulnerability
4. Multiple HTML-injection vulnerabilities
Exploiting these issues could allow an attacker to execute arbitrary script and PHP code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
LEPTON 1.1.3 is vulnerable; other versions may also be affected.
http://www.example.com/admins/login/forgot/index.php?message=%3Cscript%3Ealert%28document.cookie%29;%3C/scrip t%3E