PatchSiren

Lightcms Project CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Lightcms Project CVE published 2026-03-26

CVE-2026-29934

CVE-2026-29934 is a reflected cross-site scripting (XSS) issue affecting Lightcms v2.0 in the /admin/menus component. According to the NVD record, the flaw can be triggered by modifying the Referer request header, allowing attacker-controlled script to run in the context of the victim’s browser.