A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/161562/LightCMS-1.3.4-Cross-Site-Scripting.html | Exploit Third Party Advisory VDB Entry |
https://gist.github.com/Peithon/1c628ded0c4fc96c6331c3cce1d0c69b | Exploit Third Party Advisory |
https://github.com/eddy8/LightCMS/issues/18 | Exploit Issue Tracking Third Party Advisory |
https://www.exploit-db.com/exploits/49598 | Exploit Third Party Advisory VDB Entry |
Configurations
History
04 Mar 2021, 17:29
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/161562/LightCMS-1.3.4-Cross-Site-Scripting.html - Exploit, Third Party Advisory, VDB Entry | |
References | (MISC) https://www.exploit-db.com/exploits/49598 - Exploit, Third Party Advisory, VDB Entry | |
References | (MISC) https://gist.github.com/Peithon/1c628ded0c4fc96c6331c3cce1d0c69b - Exploit, Third Party Advisory |
01 Mar 2021, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Feb 2021, 04:28
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:lightcms_project:lightcms:1.3.4:*:*:*:*:*:*:* | |
References | (MISC) http://packetstormsecurity.com/files/161562/LightCMS-1.3.4-Cross-Site-Scripting.html - Exploit, Third Party Advisory | |
References | (MISC) https://github.com/eddy8/LightCMS/issues/18 - Exploit, Issue Tracking, Third Party Advisory | |
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 5.4 |
26 Feb 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 Feb 2021, 15:41
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-02-24 15:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-3355
Mitre link : CVE-2021-3355
CVE.ORG link : CVE-2021-3355
JSON object : View
Products Affected
lightcms_project
- lightcms
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')