Lightcms Project: >> Lightcms Security Vulnerabilities
A reflected cross-site scripting (XSS) vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referer value in the request header.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-03-26
LightCMS v2.0 is vulnerable to Cross Site Scripting (XSS) in the Content Management - Articles field.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-01-29
LightCMS v1.3.7 was discovered to contain a remote code execution (RCE) vulnerability via the image:make function.
CVSS Score
9.8
EPSS Score
0.023
Published
2023-03-22
A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file.
CVSS Score
4.8
EPSS Score
0.003
Published
2022-06-27
LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images.
CVSS Score
9.8
EPSS Score
0.022
Published
2021-04-15
A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-02-24