Cross-Site Scripting (XSS) Vulnerabilities in LightNEasy 3.2.4: Remote Script Injection via Comment Fields

CVE-2011-3978 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy.php in LightNEasy 3.2.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) commentemail, (2) commentmessage, or (3) commentname parameter in a sendcomment action for the news page.

Learn more about our Web App Pen Testing.