Lucene search

[email protected]CVE-2021-3355

HistoryFeb 24, 2021 - 3:15 p.m.

CVE-2021-3355

2021-02-2415:15:13

CWE-79

[email protected]

web.nvd.nist.gov

cve-2021-3355

stored xss

lightcms

vulnerability

nvd

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.4%

JSON

A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords.

Affected configurations

NVD

Node

lightcms_projectlightcmsMatch1.3.4

CPENameOperatorVersion
lightcms_project:lightcmslightcms project lightcmseq1.3.4

CPE	Name	Operator	Version
lightcms_project:lightcms	lightcms project lightcms	eq	1.3.4

References

packetstormsecurity.com/files/161562/LightCMS-1.3.4-Cross-Site-Scripting.html

gist.github.com/Peithon/1c628ded0c4fc96c6331c3cce1d0c69b

github.com/eddy8/LightCMS/issues/18

www.exploit-db.com/exploits/49598

Social References

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.4%

JSON

Related for CVE-2021-3355

cvelist1 nvd1 prion1 osv1 packetstorm1 zdt1 exploitdb1