PT-2009-4393 · Lightneasy · Lightneasy
Published
2009-06-05
·
Updated
2018-10-10
·
CVE-2009-1937
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions:
LightNEasy versions 2.2.1 through 2.2.2
Description:
A cross-site scripting (XSS) issue exists in the comment posting feature, allowing remote attackers to inject arbitrary web script or HTML via the
commentname, commentemail, and commentmessage parameters.Recommendations:
For LightNEasy version 2.2.1, consider disabling the comment posting feature until a patch is available.
For LightNEasy version 2.2.2, restrict input for the
commentname, commentemail, and commentmessage parameters to minimize the risk of exploitation.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Lightneasy