Description

Cross-site request forgery (CSRF) vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the user_include parameter.

Remediation

References

CVE-2011-4947

Related Vulnerabilities

MySQL CVE-2016-0659 Vulnerability (CVE-2016-0659)

WordPress Plugin Social Sharing-Sassy Social Share Cross-Site Scripting (3.3.25)

WordPress Plugin Bitcoin Satoshi Tools:Faucets, Visitor Rewarder, Satoshi Games, Referral Program Cross-Site Request Forgery (1.7.0)

WordPress Plugin WordPress fancyBox Lightbox Cross-Site Scripting (1.0.1)

Jenkins Improper Authentication Vulnerability (CVE-2018-1999045)

Severity

Medium

Classification

CVE-2011-4947 CWE-352

Tags

Missing Update Known Vulnerabilities