VYPR

Lightcms

by Lightcms Project

CVEs (6)

  • CVE-2023-27060 | Critical | Mar 22, 2023
    risk 0.64 | CVSS 9.8 | EPSS 0.01

    LightCMS v1.3.7 was discovered to contain a remote code execution (RCE) vulnerability via the image:make function.

  • CVE-2021-27112 | Critical | Apr 15, 2021
    risk 0.64 | CVSS 9.8 | EPSS 0.02

    LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images.

  • CVE-2026-29934 | Medium | Mar 26, 2026
    risk 0.40 | CVSS 6.1 | EPSS 0.00

    A reflected cross-site scripting (XSS) vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary JavaScript in the context of the user's browser by modifying the Referer value in the request header.

  • CVE-2021-3355 | Medium | Feb 24, 2021
    risk 0.39 | CVSS 5.4 | EPSS 0.07

    A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords.

  • CVE-2024-22559 | Medium | Jan 29, 2024
    risk 0.35 | CVSS 5.4 | EPSS 0.00

    LightCMS v2.0 is vulnerable to Cross Site Scripting (XSS) in the Content Management - Articles field.

  • CVE-2022-33009 | Medium | Jun 27, 2022
    risk 0.31 | CVSS 4.8 | EPSS 0.01

    A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file.