3.5
CVE-2011-3978
- EPSS 1.05%
- Veröffentlicht 04.10.2011 10:55:11
- Zuletzt bearbeitet 16.06.2026 23:34:14
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy.php in LightNEasy 3.2.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) commentemail, (2) commentmessage, or (3) commentname parameter in a sendcomment action for the news page.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Lightneasy ≫ Lightneasy Version3.2.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.05% | 0.599 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
http://osvdb.org/75262
http://secunia.com/advisories/45955
http://securityreason.com/securityalert/8407
http://www.lightneasy.org/punbb/viewtopic.php?id=1464
http://www.rul3z.de/advisories/SSCHADV2011-013.txt
http://www.securityfocus.com/archive/1/519571/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/69737