Description
Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin SoundCloud Is Gold Cross-Site Scripting (2.3.1)
WordPress Plugin Canalplan Cross-Site Scripting (3.22)
WordPress Plugin Post to CSV by BestWebSoft CSV Injection (1.4.0)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-7061)
WordPress Plugin AJS Instagram Feed Cross-Site Scripting (1.0)