e107 website system 0.6 - 'email article to a friend' Feature Cross-Site Scripting
| EKU-ID: 29571 | CVE: CVE-2004-2040;OSVDB-6527 | OSVDB-ID: |
| Author: Janek Vind | Published: 2004-05-29 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 29571 | CVE: CVE-2004-2040;OSVDB-6527 | OSVDB-ID: |
| Author: Janek Vind | Published: 2004-05-29 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/10436/info e107 is prone to multiple cross-site scripting, HTML injection, file inclusion, and SQL injection vulnerabilities. This may compromise various security properties of a Web site running the software, including allowing remote attackers to execute malicious PHP code. - HTML injection in the "email article to a friend" and "submit news" pages.: foobar'><body onload=alert(document.cookie);>