A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file.
References
Link | Resource |
---|---|
https://github.com/eddy8/LightCMS/issues/30 | Exploit Issue Tracking Third Party Advisory |
http://lightcms.com | Product |
https://github.com/eddy8/LightCMS | Third Party Advisory |
Configurations
Information
Published : 2022-06-27 16:15
Updated : 2022-07-06 12:32
NVD link : CVE-2022-33009
Mitre link : CVE-2022-33009
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
lightcms_project
- lightcms