Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote malicious users to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
lightneasy lightneasy 1.2.2 |
||
sqlite sqlite 1.2.2 |