CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 2CVE-2011-3978
https://notcve.org/view.php?id=CVE-2011-3978
Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy.php in LightNEasy 3.2.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) commentemail, (2) commentmessage, or (3) commentname parameter in a sendcomment action for the news page. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en LightNEasy.php en LightNEasy v3.2.4, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través de los parámetros (1) commentemail, (2) commentmessage, o (3) commentname en una acción sendcomment sobre una página de noticias. • http://osvdb.org/75262 http://secunia.com/advisories/45955 http://securityreason.com/securityalert/8407 http://www.lightneasy.org/punbb/viewtopic.php?id=1464 http://www.rul3z.de/advisories/SSCHADV2011-013.txt http://www.securityfocus.com/archive/1/519571/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/69737 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •