Description

Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php.

Remediation

References

CVE-2008-6589

Related Vulnerabilities

Oracle JRE CVE-2013-2447 Vulnerability (CVE-2013-2447)

WordPress Plugin Responsive Slider-Image Slider-Slideshow for WordPress SQL Injection (2.8.6)

Joomla! Core 3.x.x SQL Injection (3.0.0 - 3.4.6)

WordPress Plugin Delete All Comments Arbitrary File Upload (2.0)

WordPress Plugin Sabre 'tools.php' Cross-Site Scripting (1.2.0)

Severity

Medium

Classification

CVE-2008-6589 CWE-707

Tags

Missing Update Known Vulnerabilities