Summary
This host is running e107 and is prone to cross site scripting vulnerability.
Impact
Successful exploitation will allow remote attackers to steal the victim's cookie-based authentication credentials.
Impact Level: Application
Solution
Upgrade e107 to version 1.0.3 or later,
For updates refer to http://www.e107.org/
Insight
The flaw is due to input passed via the 'query' parameter to 'content_preset.php', which is not properly sanitised before using it.
Affected
e107 version 1.0.2, Other versions may also be affected.
Detection
Send a crafted string via HTTP GET request and check whether it is able to inject HTML code.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2013-2750 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- 12Planet Chat Server one2planet.infolet.InfoServlet XSS
- Apache Archiva Cross Site Request Forgery Vulnerability
- Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
- Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
- A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability