LightNEasy v.1.2.2 flat Multiple Vulnerabilities Author: Gerendi Sandor Attila Date: April 14, 2008 Package: LightNEasy Product homepage: http://lightneasy.uni.cc/ Versions Affected: v.1.2.2 (Other versions may also be affected) Severity: High 1. Cross-Site Scripting (XSS): Input passed to "page" in "index.php" and "LightNEasy.php" is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when malicious data is viewed. Examples: http://somehost/LightNEasy_1_2_2_flat/index.php?page=%00</title><script> alert("xss")</script> http://somehost/LightNEasy_1_2_2_flat/LightNEasy.php?page=%00</title><sc ript>alert("xss")</script> 2. Directory Traversal: Input passed to "page" in "index.php" and "LightNEasy.php" is not properly sanitised before being used to include files. This can be exploited to include arbitrary files from local resources. Example: http://somehost/LightNEasy_1_2_2_flat/LightNEasy.php?page=../../../../.. /../../include.txt%00 or: 3. Arbitrary File Creation: Input passed to "page" in "index.php" and "LightNEasy.php" is not properly sanitised before being used to create files. Status: 1. Contacted the author at April 14, 2008 via http://www.lightneasy.org/contact.php. 2. A Security patch was released on April 15, 2008.