Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

lightcms_project

Source -

NVD

BOS Name -

N/A

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

6
Related CVEsRelated ProductsRelated AssignersReports
6Vulnerabilities found
CVE-2026-29934
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.03% / 10.21%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 00:00
Updated-02 Apr, 2026 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (XSS) vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referer value in the request header.

Action-Not Available
Vendor-lightcms_projectn/a
Product-lightcmsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-22559
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 22.95%
||
7 Day CHG~0.00%
Published-29 Jan, 2024 | 00:00
Updated-29 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LightCMS v2.0 is vulnerable to Cross Site Scripting (XSS) in the Content Management - Articles field.

Action-Not Available
Vendor-lightcms_projectn/a
Product-lightcmsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-27060
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.30% / 84.82%
||
7 Day CHG~0.00%
Published-22 Mar, 2023 | 00:00
Updated-26 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LightCMS v1.3.7 was discovered to contain a remote code execution (RCE) vulnerability via the image:make function.

Action-Not Available
Vendor-lightcms_projectn/a
Product-lightcmsn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-33009
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.33% / 56.14%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 22:28
Updated-03 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file.

Action-Not Available
Vendor-lightcms_projectn/a
Product-lightcmsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-27112
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.23% / 84.61%
||
7 Day CHG~0.00%
Published-15 Apr, 2021 | 15:05
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images.

Action-Not Available
Vendor-lightcms_projectn/a
Product-lightcmsn/a
CVE-2021-3355
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 43.76%
||
7 Day CHG~0.00%
Published-24 Feb, 2021 | 15:00
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords.

Action-Not Available
Vendor-lightcms_projectn/a
Product-lightcmsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')