CVE-2026-29934
Reflected XSS in Lightcms v2.0 /admin/menus Allows Script Execution
Publication date: 2026-03-26
Last updated on: 2026-04-02
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lightcms_project | lightcms | 2.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-29934 is a reflected Cross-Site Scripting (XSS) vulnerability in the /admin/menus component of Lightcms version 2.0. It occurs when an attacker modifies the "referer" value in the HTTP request header, which the application then reflects into the page without sufficient validation or encoding. As a result, a script embedded in the referer header executes in the context of the user's browser when they interact with the menu list, specifically when the "Auto Update Menu" function is triggered.
The root cause is that Lightcms does not validate and encode the user-supplied referer header before reflecting it back in the response, which allows attackers to inject arbitrary JavaScript.
How can this vulnerability impact me?
This vulnerability can allow attackers to execute arbitrary JavaScript code in the context of a victim's browser without requiring user authentication. This can lead to several impacts including theft of sensitive information such as cookies or session tokens, unauthorized actions performed on behalf of the user, and potential compromise of user accounts or data.
Because the malicious script runs with the same privileges as the user, it can manipulate the web application interface, redirect users to malicious sites, or perform other harmful actions that compromise user security and privacy.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTP requests to the /admin/menus component of Lightcms v2.0 and inspecting the referer header for suspicious or malicious script content.
One approach is to capture and analyze HTTP traffic to identify requests where the referer header contains potentially malicious JavaScript code.
For example, using command-line tools like curl or wget to send requests with modified referer headers can help test if the system is vulnerable.
- Use curl to send a request with a crafted referer header containing a script payload: curl -H "Referer: <script>alert(1)</script>" http://target/admin/menus
- Use network traffic capture tools like tcpdump or Wireshark to monitor HTTP requests and inspect referer headers for injected scripts.
- Review server logs for requests to /admin/menus with unusual or suspicious referer header values.
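The log-review step above can be automated. The following is an added example, not part of the original advisory or of Lightcms itself: it parses combined-format access log lines, keeps only requests to /admin/menus, percent-decodes the Referer (including double-encoded values) and flags any value containing characters that never belong in a legitimate URL. The log lines, host name and IP addresses are constructed for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in "combined" access-log format (not real Lightcms traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [26/Mar/2026:10:01:02 +0000] "GET /admin/menus HTTP/1.1" 200 5120 "http://cms.example.test/admin/dashboard" "Mozilla/5.0"
10.0.0.9 - - [26/Mar/2026:10:01:07 +0000] "GET /admin/menus HTTP/1.1" 200 5120 "<script>alert(1)</script>" "curl/8.5.0"
10.0.0.9 - - [26/Mar/2026:10:01:09 +0000] "GET /admin/menus HTTP/1.1" 200 5120 "http://cms.example.test/admin/menus?r=%3Cscript%3Ealert(1)%3C/script%3E" "Mozilla/5.0"
10.0.0.7 - - [26/Mar/2026:10:02:00 +0000] "GET /admin/articles HTTP/1.1" 200 2048 "<script>alert(1)</script>" "Mozilla/5.0"
10.0.0.3 - - [26/Mar/2026:10:02:30 +0000] "GET /admin/menus HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# Fields of the combined log format: client, identity, user, timestamp, request, status, size, referer, user agent.
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def decode_fully(value: str, rounds: int = 3) -> str:
    # Percent-decode until the value stops changing so double-encoded input is inspected decoded.
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_suspicious_referer(referer: str) -> bool:
    """A legitimate Referer is a URL; raw angle brackets or quotes never appear in one."""
    if referer in ("", "-"):
        return False
    decoded = decode_fully(referer)
    return any(ch in decoded for ch in '<>"\'')


def scan_log(text: str, path: str = "/admin/menus") -> list:
    """Return one record per request to `path` whose Referer looks like injected markup."""
    hits = []
    for line in text.splitlines():
        m = COMBINED_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        req_path = m.group("target").split("?", 1)[0]
        if req_path != path:
            continue
        if is_suspicious_referer(m.group("referer")):
            hits.append({"ip": m.group("ip"), "time": m.group("ts"), "referer": m.group("referer")})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f'{hit["time"]} {hit["ip"]} suspicious Referer on /admin/menus: {hit["referer"]!r}')
```

Run it against a real access log by passing the file contents to `scan_log`; only the two /admin/menus requests from 10.0.0.9 in the sample are reported, because the same payload against /admin/articles is outside the affected component and the empty "-" referer is normal.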
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing strict input validation and output encoding for the referer header in the /admin/menus component.
- Validate all input data by checking length, type, syntax, and business rules before processing or displaying it.
- Encode all user-submitted data correctly before output, converting special characters to their corresponding HTML entities.
- Explicitly specify the character encoding (e.g., UTF-8) for output to prevent encoding-based attacks.
- Avoid relying solely on blacklist filtering of characters or keywords, as this can be bypassed.
- Decode and normalize input data before validation to prevent bypass via double decoding or normalization errors.
- Filter or convert special characters in client-submitted data to their safe entity forms to prevent script injection.
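The mitigation list above translates into a small amount of code. The following is an added example, not code from Lightcms or the advisory: it shows the vulnerable pattern (header value concatenated straight into the page) next to a hardened version that decodes and normalizes the Referer, validates it as an http(s) URL on the application's own host (falling back to a fixed link otherwise), HTML-encodes it for the context it lands in, and declares the output charset. `ALLOWED_HOST`, `FALLBACK_LINK` and `MAX_REFERER_LEN` are assumed values for the example, not Lightcms settings.

```python
import html
from urllib.parse import unquote, urlsplit

# Assumed values for the example (not Lightcms's own): the host the admin UI is served from,
# a safe fallback link, and a length cap for the header.
ALLOWED_HOST = "cms.example.test"
FALLBACK_LINK = "/admin/menus"
MAX_REFERER_LEN = 2048
# Declare the output charset explicitly so the browser cannot guess a different encoding.
RESPONSE_HEADERS = {"Content-Type": "text/html; charset=utf-8"}


def decode_fully(value: str, rounds: int = 3) -> str:
    # Decode and normalize before validating so double-encoded input cannot slip past the checks.
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def validate_referer(referer: str, allowed_host: str = ALLOWED_HOST) -> str:
    """Accept the header only as a well-formed http(s) URL on our own host; otherwise use the fallback."""
    if not referer or len(referer) > MAX_REFERER_LEN:
        return FALLBACK_LINK
    decoded = decode_fully(referer)
    if any(ch in decoded for ch in '<>"\''):
        return FALLBACK_LINK  # markup characters never belong in a URL
    try:
        parts = urlsplit(decoded)
    except ValueError:
        return FALLBACK_LINK  # malformed URL (e.g. bad IPv6 literal)
    if parts.scheme not in ("http", "https") or parts.hostname != allowed_host:
        return FALLBACK_LINK
    return referer


def escape_for_html(value: str) -> str:
    # Convert characters with HTML meaning into entities; quote=True also covers attribute values.
    return html.escape(value, quote=True)


def render_back_link_vulnerable(referer: str) -> str:
    # The pattern the advisory describes: the raw header value is reflected into the page unencoded.
    return f'<p>Return to <a href="{referer}">{referer}</a></p>'


def render_back_link_safe(referer: str) -> str:
    # Validate first, then encode for the contexts it lands in (attribute value and element text).
    safe = escape_for_html(validate_referer(referer))
    return f'<p>Return to <a href="{safe}">{safe}</a></p>'


if __name__ == "__main__":
    payload = "<script>alert(1)</script>"  # the value used in the advisory's curl example
    print(RESPONSE_HEADERS)
    print(render_back_link_vulnerable(payload))
    print(render_back_link_safe(payload))
    print(render_back_link_safe("http://cms.example.test/admin/menus?page=2&sort=name"))
```

The validation step rejects the advisory's payload outright, so encoding is the second line of defence rather than the only one; the final call shows that a legitimate same-host URL survives validation and still has its `&` encoded on output, which is why encoding must not be skipped even for "known good" values.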
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The reflected cross-site scripting (XSS) vulnerability in Lightcms v2.0 allows attackers to execute arbitrary JavaScript in the context of a user's browser by manipulating the referer header. This type of vulnerability can lead to unauthorized access to user data, session hijacking, and potential data breaches.
Such security weaknesses can impact compliance with common standards and regulations like GDPR and HIPAA, which require organizations to protect personal and sensitive data against unauthorized access and ensure the integrity and confidentiality of user information.
Failure to address this vulnerability could result in non-compliance due to inadequate protection against client-side attacks that may expose or compromise user data.