Vulnerability Details CVE-2026-29934
A reflected cross-site scripting (XSS) vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referer value in the request header.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.5%
CVSS Severity
CVSS v3 Score 6.1
References
Products affected by CVE-2026-29934
-
cpe:2.3:a:lightcms_project:lightcms:2.0