CVE-2008-6589

Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
VendorProductVersion
lightneasylightneasy
1.2.2
sqlitesqlite
1.2.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/29833
http://www.osvdb.org/44676
http://www.osvdb.org/44677
http://www.securityfocus.com/archive/1/491064/100/0/threaded
http://www.securityfocus.com/bid/28839
https://exchange.xforce.ibmcloud.com/vulnerabilities/41888
http://secunia.com/advisories/29833
http://www.osvdb.org/44676
http://www.osvdb.org/44677
http://www.securityfocus.com/archive/1/491064/100/0/threaded
http://www.securityfocus.com/bid/28839
https://exchange.xforce.ibmcloud.com/vulnerabilities/41888