CVE-2011-3978

2011-10-0410:00:00

mitre

www.cve.org

AI Score

5.5

Confidence

High

EPSS

0.002

Percentile

55.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy.php in LightNEasy 3.2.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) commentemail, (2) commentmessage, or (3) commentname parameter in a sendcomment action for the news page.

References

osvdb.org/75262

secunia.com/advisories/45955

securityreason.com/securityalert/8407

www.lightneasy.org/punbb/viewtopic.php?id=1464

www.rul3z.de/advisories/SSCHADV2011-013.txt

www.securityfocus.com/archive/1/519571/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/69737