Lightcms · Lightcms · CVE-2021-3355
**Name of the Vulnerable Software and Affected Versions**
LightCMS version 1.3.4
**Description**
A stored self-XSS issue exists, allowing an attacker to execute HTML or JavaScript code via the vulnerable Title field at "/admin/SensitiveWords".
**Recommendations**
For LightCMS version 1.3.4, as a temporary workaround, consider restricting access to the "/admin/SensitiveWords" endpoint until a patch is available. Avoid using the vulnerable Title field in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.