Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
e107 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2009-4083 - Vulnerability Database
e107

e107 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2009-4083

Medium
Reference: CVE-2009-4083
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2009-4083
Title: e107 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) submitnews.php (2) usersettings.php and (3) newpost.php (4) banlist.php (5) banner.php (6) cpage.php (7) download.php (8) users_extended.php (9) frontpage.php (10) links.php and (11) mailout.php in e107_admin/. NOTE: this may overlap CVE-2004-2040 and CVE-2006-4794 but there are insufficient details to be certain.