Description
Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Memphis Documents Library Cross-Site Request Forgery (3.9.20)
WordPress Plugin Server Status by Hostname/IP SQL Injection (4.6)
WordPress Plugin WP Mail Logging Security Bypass (1.11.2)
WordPress Plugin Ticket Manager Cross-Site Scripting (1)
WordPress Plugin Wbcom Designs-BuddyPress Group Reviews Security Bypass (2.8.3)