Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3978

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2011-3978
Last Modified 13 Feb 2012 11:09:30
Published 04 Oct 2011 06:55:11
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2011-3978

Summary

Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy.php in LightNEasy 3.2.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) commentemail, (2) commentmessage, or (3) commentname parameter in a sendcomment action for the news page.

Vulnerable Systems

Application

  • Lightneasy 3.2.4


References

XF - lightneasy-lightneasy-multiple-xss(69737)

BUGTRAQ - 20110908 Multiple XSS vulnerabilities in LightNEasy 3.2.4

MISC - http://www.rul3z.de/advisories/SSCHADV2011-013.txt

MISC - http://www.lightneasy.org/punbb/viewtopic.php?id=1464

SECUNIA - 45955

OSVDB - 75262

SREASON - 8407


Last Updated: 27 May 2016 10:58:14