Lucene search

[email protected]NVD:CVE-2011-3978

HistoryOct 04, 2011 - 10:55 a.m.

CVE-2011-3978

2011-10-0410:55:11

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.002

Percentile

55.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy.php in LightNEasy 3.2.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) commentemail, (2) commentmessage, or (3) commentname parameter in a sendcomment action for the news page.

Affected configurations

Nvd

Node

lightneasylightneasyMatch3.2.4

VendorProductVersionCPE
lightneasylightneasy3.2.4cpe:2.3:a:lightneasy:lightneasy:3.2.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lightneasy	lightneasy	3.2.4	cpe:2.3:a:lightneasy:lightneasy:3.2.4:::::::*

References

osvdb.org/75262

secunia.com/advisories/45955

securityreason.com/securityalert/8407

www.lightneasy.org/punbb/viewtopic.php?id=1464

www.rul3z.de/advisories/SSCHADV2011-013.txt

www.securityfocus.com/archive/1/519571/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/69737

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.002

Percentile

55.8%

JSON

Related for NVD:CVE-2011-3978

cve1 cvelist1 prion1