Skip to main content

Lightcms

5 CVEs product

Monthly

CVE-2024-22559 MEDIUM POC This Month

LightCMS v2.0 is vulnerable to Cross Site Scripting (XSS) in the Content Management - Articles field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lightcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-27060 CRITICAL POC Act Now

LightCMS v1.3.7 was discovered to contain a remote code execution (RCE) vulnerability via the image:make function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Lightcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-33009 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lightcms
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-27112 CRITICAL POC Act Now

LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Lightcms
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-3355 MEDIUM POC This Month

A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lightcms
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
7.2%
EPSS 0% CVSS 5.4
MEDIUM POC This Month

LightCMS v2.0 is vulnerable to Cross Site Scripting (XSS) in the Content Management - Articles field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lightcms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

LightCMS v1.3.7 was discovered to contain a remote code execution (RCE) vulnerability via the image:make function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Lightcms
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lightcms
NVD GitHub VulDB
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Lightcms
NVD GitHub
EPSS 7% CVSS 5.4
MEDIUM POC This Month

A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lightcms
NVD GitHub Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy