Description

Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php.

Remediation

References

CVE-2008-6589

Related Vulnerabilities

Atlassian Confluence Incorrect Behavior Order: Validate Before Canonicalize Vulnerability (CVE-2022-26137)

Apache HTTP Server CVE-2004-0751 Vulnerability (CVE-2004-0751)

WordPress Plugin Shantz WordPress QOTD Cross-Site Request Forgery (1.2.2)

WordPress Plugin Livemesh Addons for Elementor Multiple Cross-Site Scripting Vulnerabilities (6.7.1)

WordPress Plugin Freetobook review widget Unspecified Vulnerability (1.0)

Severity

Medium

Classification

CVE-2008-6589 CWE-707

Tags

Missing Update Known Vulnerabilities