Lightcms CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-22559	1 Lightcms Project	1 Lightcms	2025-05-29	5.4 Medium
LightCMS v2.0 is vulnerable to Cross Site Scripting (XSS) in the Content Management - Articles field.
CVE-2023-27060	1 Lightcms Project	1 Lightcms	2025-02-26	9.8 Critical
LightCMS v1.3.7 was discovered to contain a remote code execution (RCE) vulnerability via the image:make function.
CVE-2022-33009	1 Lightcms Project	1 Lightcms	2024-11-21	4.8 Medium
A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file.
CVE-2021-3355	1 Lightcms Project	1 Lightcms	2024-11-21	5.4 Medium
A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords.
CVE-2021-27112	1 Lightcms Project	1 Lightcms	2024-11-21	9.8 Critical
LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images.

Page 1 of 1.