CVE-2011-3978 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy.php in LightNEasy 3.2.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) commentemail (2) commentmessage or (3) commentname parameter in a sendcomment action for the news page.

Reference

http://osvdb.org/75262 http://secunia.com/advisories/45955 http://securityreason.com/securityalert/8407 http://www.lightneasy.org/punbb/viewtopic.php?id=1464 http://www.rul3z.de/advisories/SSCHADV2011-013.txt http://www.securityfocus.com/archive/1/519571/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/69737