CVE-2008-6589

Name of the Vulnerable Software and Affected Versions LightNEasy "no database" (aka flat) version 1.2.2 LightNEasy SQLite version 1.2.2

Description The issue allows remote attackers to inject arbitrary web script or HTML via the page parameter to API endpoints such as "index.php" and "LightNEasy.php". This can lead to cross-site scripting (XSS) attacks.

Recommendations For LightNEasy "no database" (aka flat) version 1.2.2, consider disabling access to the "index.php" and "LightNEasy.php" endpoints until a patch is available. For LightNEasy SQLite version 1.2.2, restrict the use of the page parameter in the affected API endpoints to minimize the risk of exploitation.