Description

Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php.

Remediation

References

CVE-2008-6589

Related Vulnerabilities

WebLogic CVE-2016-5488 Vulnerability (CVE-2016-5488)

MySQL CVE-2022-21324 Vulnerability (CVE-2022-21324 )

PHP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-2666)

PHP Other Vulnerability (CVE-2006-2563)

e107 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-4946)

Severity

Medium

Classification

CVE-2008-6589 CWE-707

Tags

Missing Update Known Vulnerabilities