CVE-2011-3978

Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy.php in LightNEasy 3.2.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) commentemail, (2) commentmessage, or (3) commentname parameter in a sendcomment action for the news page.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
VendorProductVersion
lightneasylightneasy
3.2.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/75262
http://secunia.com/advisories/45955
http://securityreason.com/securityalert/8407
http://www.lightneasy.org/punbb/viewtopic.php?id=1464
http://www.rul3z.de/advisories/SSCHADV2011-013.txt
http://www.securityfocus.com/archive/1/519571/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/69737
http://osvdb.org/75262
http://secunia.com/advisories/45955
http://securityreason.com/securityalert/8407
http://www.lightneasy.org/punbb/viewtopic.php?id=1464
http://www.rul3z.de/advisories/SSCHADV2011-013.txt
http://www.securityfocus.com/archive/1/519571/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/69737