Show filters
5 Total Results
Displaying 1-5 of 5
Sort by:
Attacker Value
Unknown

CVE-2024-22559

Disclosure Date: January 29, 2024 (last updated February 02, 2024)
LightCMS v2.0 is vulnerable to Cross Site Scripting (XSS) in the Content Management - Articles field.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-27060

Disclosure Date: March 22, 2023 (last updated October 08, 2023)
LightCMS v1.3.7 was discovered to contain a remote code execution (RCE) vulnerability via the image:make function.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-33009

Disclosure Date: June 27, 2022 (last updated October 07, 2023)
A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-27112

Disclosure Date: April 15, 2021 (last updated November 28, 2024)
LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-3355

Disclosure Date: February 24, 2021 (last updated February 22, 2025)
A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0