7 matches found
CVE-2021-3355
A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords...
LightCMS 1.3.4 Cross Site Scripting
Exploit Title: LightCMS 1.3.4 - 'exclusive' Stored XSS Date: 25/02/2021 Exploit Author: Peithon Vendor Homepage: https://github.com/eddy8/LightCMS Software Link: https://github.com/eddy8/LightCMS/releases/tag/v1.3.4 Version: 1.3.4 Tested on: latest version of Chrome, Firefox on Windows and Linux...
LightCMS 1.3.4 - 'exclusive' Stored XSS
Exploit Title: LightCMS 1.3.4 - 'exclusive' Stored XSS Date: 25/02/2021 Exploit Author: Peithon Vendor Homepage: https://github.com/eddy8/LightCMS Software Link: https://github.com/eddy8/LightCMS/releases/tag/v1.3.4 Version: 1.3.4 Tested on: latest version of Chrome, Firefox on Windows and Linux...
CVE-2021-3355
creationtimestamp| type| source ---|---|--- 2021-02-24 18:36:57+00:00| seen| https://t.me/cibsecurity/24080 2024-11-14 06:08:09+00:00| seen| MISP/6daef9d1-6e3b-4168-ac75-0660f673be22...
CVE-2021-3355
A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords...
CVE-2021-3355
A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords...
CVE-2021-3355
LightCMS v1.3.4 contains a stored-self XSS in the Title field used for Sensitive Words (to /admin/SensitiveWords). Exploitation involves injecting HTML/JavaScript into the vulnerable title, with PoC payloads available (e.g., from Exploit-DB). The issue is confirmed across multiple sources (NVD, C...