2 matches found
CVE-2009-1937
LightNEasy is affected by an XSS vulnerability in its comment posting feature for versions 2.2.1 (no database/flat) and 2.2.2 SQLite. The issue allows remote attackers to inject arbitrary web script or HTML via the (1) commentname, (2) commentemail, and (3) commentmessage parameters. The public r...
CVE-2009-1937
Cross-site scripting XSS vulnerability in the comment posting feature in LightNEasy 2.2.1 "no database" aka flat and 2.2.2 SQLite allows remote attackers to inject arbitrary web script or HTML via the 1 commentname aka Author, 2 commentemail aka Email, and 3 commentmessage aka Comment parameters...