e107 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2011-4920

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26 and other versions before 1.0.0 allow remote attackers to inject arbitrary web script or HTML via the URL to (1) e107_images/thumb.php or (2) rate.php (3) resend_name parameter to e107_admin/users.php and (4) link BBCode in user signatures.