Description
Cross-site request forgery (CSRF) vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the user_include parameter.
Remediation
References
Related Vulnerabilities
WebLogic CVE-2020-14859 Vulnerability (CVE-2020-14859)
WordPress Plugin Fourteen Extended Cross-Site Scripting (1.2.31)
WordPress Plugin WordPress File Upload Arbitrary File Upload (3.4.0)
WordPress Plugin List Pages Shortcode Cross-Site Scripting (1.7.4)
WordPress Plugin PopCash.Net Code Integration Tool Cross-Site Scripting (1.0)