Description

Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php.

Remediation

References

CVE-2008-6589

Related Vulnerabilities

WordPress Plugin WP Easy Gallery Multiple Unspecified Vulnerabilities (2.7)

Internet Information Services Other Vulnerability (CVE-1999-0253)

WordPress Improper Restriction of XML External Entity Reference Vulnerability (CVE-2021-29447)

WordPress Plugin Easy Media Download Cross-Site Scripting (1.1.6)

Play Framework Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-13864)

Severity

Medium

Classification

CVE-2008-6589 CWE-707

Tags

Missing Update Known Vulnerabilities