This host is running LightNEasy and is prone to Cross-Site Scripting vulnerability.

Successful exploitation will allow attacker to inject arbitrary HTML and script code, which will be executed when the malicious comment is viewed and disclose the content of arbitrary files on an affected system. Impact Level: Application

Upgrade to LightNEasy version 3.1 or later. For updates refer to http://www.lightneasy.org/index.php

Multiple flaws arise because, - The input passed to the 'commentname', 'commentemail' and 'commentmessage' parameters when posting a comment is not properly sanitised before being used. - The input passed via the 'page' parameter to LightNEasy.php is not properly sanitised before being used to read files and can be exploited by directory traversal attacks.

LightNEasy version 2.2.1 and prior (no database) and LightNEasy version 2.2.2 and prior (SQLite)

• http://secunia.com/advisories/35354
• http://www.securityfocus.com/archive/1/archive/1/504092/100/0/threaded

---

Updated on 2015-03-25