Lightcms Project Lightcms vulnerabilities
6 known vulnerabilities affecting lightcms_project/lightcms.
Total CVEs: 6
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, MEDIUM 4
Vulnerabilities
CVE-2021-3355 | P3 | MEDIUM | CVSS 5.4 | CWE-79 | PoC | v1.3.4 | 2021-02-24
A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords.
nvd
CVE-2021-27112 | P3 | CRITICAL | CVSS 9.8 | v1.3.5 | 2021-04-15
LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images.
nvd
CVE-2023-27060 | P3 | CRITICAL | CVSS 9.8 | CWE-306 | v1.3.7 | 2023-03-22
LightCMS v1.3.7 was discovered to contain a remote code execution (RCE) vulnerability via the image:make function.
nvd
CVE-2026-29934 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v2.0 | 2026-03-26
A reflected cross-site scripting (XSS) vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referer value in the request header.
nvd
CVE-2024-22559 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v2.0 | 2024-01-29
LightCMS v2.0 is vulnerable to Cross Site Scripting (XSS) in the Content Management - Articles field.
nvd
CVE-2022-33009 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | v1.3.11 | 2022-06-27
A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file.
nvd