| Vulnerability Name: | CVE-2008-6589 (CCN-41888) | ||||||||
| Assigned: | 2008-04-18 | ||||||||
| Published: | 2008-04-18 | ||||||||
| Updated: | 2018-10-11 | ||||||||
| Summary: | Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-79 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Fri Apr 18 2008 - 03:10:28 CDT LightNEasy v.1.2.2 flat Multiple Vulnerabilities Source: MITRE Type: CNA CVE-2008-6589 Source: CCN Type: SA29833 LightNEasy Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 29833 Source: CCN Type: LightNEasy Web site LightNEasy - Home Source: OSVDB Type: Exploit 44676 Source: OSVDB Type: Exploit 44677 Source: CCN Type: OSVDB ID: 44676 LightNEasy index.php page Parameter XSS Source: CCN Type: OSVDB ID: 44677 LightNEasy LightNEasy.php page Parameter XSS Source: BUGTRAQ Type: UNKNOWN 20080418 LightNEasy v.1.2.2 flat Multiple Vulnerabilities Source: BID Type: UNKNOWN 28839 Source: CCN Type: BID-28839 LightNEasy 1.2.2 Flat Multiple Input Validation Vulnerabilities Source: XF Type: UNKNOWN lightneasy-page-xss(41888) Source: XF Type: UNKNOWN lightneasy-page-xss(41888) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||