Cross-Site Scripting (XSS) Vulnerabilities in LightNEasy 3.2.4: Remote Script Injection via Comment Fields
CVE-2011-3978 · LOW Severity
AV:N/AC:M/AU:S/C:N/I:P/A:N
Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy.php in LightNEasy 3.2.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) commentemail, (2) commentmessage, or (3) commentname parameter in a sendcomment action for the news page.
Learn more about our Web App Pen Testing.