35 matches found
CVE-2026-29934
A reflected cross-site scripting (XSS) vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary JavaScript in the context of the user's browser via modifying the referer value in the request header...
EUVD-2026-16211
A reflected cross-site scripting (XSS) vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary JavaScript in the context of the user's browser via modifying the referer value in the request header...
CVE-2026-29934
A reflected cross-site scripting (XSS) vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary JavaScript in the context of the user's browser via modifying the referer value in the request header...
CVE-2026-29934
CVE-2026-29934 describes a reflected XSS in Lightcms v2.0, specifically the /admin/menus component. An attacker can inject arbitrary JavaScript by manipulating the Referer header in requests, causing the payload to execute in the user’s browser context. Public notes across multiple feeds corrobor...
Jianhua Sun LightCMS Security Vulnerability
Jianhua Sun LightCMS is an open-source application developed by Jianhua Sun. It provides a lightweight CMS system and can also be used as a general-purpose backend management framework. The Jianhua Sun LightCMS v2.0 version has a security vulnerability, which stems from a reflection-type XSS...
CVE-2026-29934
A reflected cross-site scripting (XSS) vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary JavaScript in the context of the user's browser via modifying the referer value in the request header...
CVE-2026-29934
A reflected cross-site scripting (XSS) vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary JavaScript in the context of the user's browser via modifying the referer value in the request header...
CVE-2026-29934
A reflected cross-site scripting (XSS) vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary JavaScript in the context of the user's browser via modifying the referer value in the request header...
PT-2026-28391
Name of the Vulnerable Software and Affected Versions: Lightcms version 2.0 Description: A reflected cross-site scripting (XSS) issue exists in the /admin/menus component. This allows attackers to execute arbitrary JavaScript within a user's browser by altering the referer value in the request header...
EUVD-2025-14829
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-14238
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId...
Juzaweb CMS Security Vulnerability
Juzaweb CMS is a content management system developed by Juzaweb Individual Developer based on the Laravel framework and Web platform. A security vulnerability exists in Juzaweb CMS 3.4.2 and earlier versions that stems from improper access control in the file /admin-cp/menus...
CVE-2025-28057
owl-admin v3.2.2 to v4.10.2 is vulnerable to SQL Injection in /admin-api/system/adminmenus/saveorder...
CVE-2025-28057
owl-admin v3.2.2 to v4.10.2 is vulnerable to SQL Injection in /admin-api/system/adminmenus/saveorder...
Owl Admin Security Vulnerability
Owl Admin is a fast and flexible backend framework from Owl Admin. A security vulnerability exists in Owl Admin v3.2.2 through v4.10.2, which stems from an SQL injection in /admin-api/system/adminmenus/saveorder...
CVE-2025-28057
owl-admin v3.2.2 to v4.10.2 is vulnerable to SQL Injection in /admin-api/system/adminmenus/saveorder...
PT-2024-20254 · WordPress · Float Menu
Name of the Vulnerable Software and Affected Versions: The Float menu WordPress plugin versions prior to 6.0.1 Description: The issue is related to the lack of a CSRF check in the bulk actions of the plugin, which could allow attackers to make logged-in admins delete arbitrary menus via a CSRF...
Coffee - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-011
The Coffee module helps you to navigate through the Drupal admin menus faster with a shortcut popup. The module doesn't sufficiently escape menu names when displaying them in the popup, thereby exposing a XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a...
Jeesite Security Breach
Jeesite is an open-source Java EE enterprise-class rapid development platform from the Chinese company Zhuo source software. The platform includes system permissions components, data permissions components, data dictionary components, core tools components, view...
CVE-2022-32335
Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/menus/managemenu.php?id=...