Description
Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php.
Remediation
References
Related Vulnerabilities
Apache HTTP Server CVE-2004-0751 Vulnerability (CVE-2004-0751)
WordPress Plugin Shantz WordPress QOTD Cross-Site Request Forgery (1.2.2)
WordPress Plugin Livemesh Addons for Elementor Multiple Cross-Site Scripting Vulnerabilities (6.7.1)
WordPress Plugin Freetobook review widget Unspecified Vulnerability (1.0)