Lucene search

K

GoogleOSV:CVE-2021-3355

HistoryFeb 24, 2021 - 3:15 p.m.

CVE-2021-3355

2021-02-2415:15:13

Google

osv.dev

2

6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.5%

A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords.

CPENameOperatorVersion
lightcmseq1.0.0
lightcmseq1.3.1
lightcmseq1.1.1
lightcmseq1.2
lightcmseq1.1.2
lightcmseq1.1
lightcmseq1.3.3
lightcmseq1.3
lightcmseq1.3.2
lightcmseq1.3.4

Rows per page:

1-10 of 111

References

packetstormsecurity.com/files/161562/LightCMS-1.3.4-Cross-Site-Scripting.html

gist.github.com/Peithon/1c628ded0c4fc96c6331c3cce1d0c69b

github.com/eddy8/LightCMS/issues/18

www.exploit-db.com/exploits/49598

6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.5%

Related for OSV:CVE-2021-3355

cve1 cvelist1 nvd1 zdt1 packetstorm1 prion1 exploitdb1