E107 'Referer' Header Cross-Site Scripting Vulnerability Network Vulnerability

Summary

This host is running e107 and is prone to remote Cross-Site Scripting vulnerability.

Impact

Attackers can exploit this issue to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Upgrade to e107 version 0.7.22 or later, For updates refer to http://e107.org/edownload.php

Insight

The flaw exists due to error in 'email.php' in 'news.1' action. It does not properly filter HTML code from user-supplied input in the HTTP 'Referer' header before displaying the input.

Affected

e107 version 0.7.16 and prior.

References

http://secunia.com/advisories/36832/
http://websecurity.com.ua/3528/

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-3444
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability
AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities
Apache Tomcat DOS Device Name XSS
APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
@Mail 'admin.php' Cross-Site Scripting Vulnerabilities

e107 'Referer' Header Cross-Site Scripting Vulnerability

Take action and discover your vulnerabilities