Description

e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page.

Remediation

References

CVE-2018-17081

Related Vulnerabilities

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4629)

WordPress Plugin Custom Text Selection Colors Cross-Site Scripting (1.0)

WordPress Plugin Taxonomy Images Multiple Unspecified Vulnerabilities (0.6)

WordPress Plugin Pods-Custom Content Types and Fields Multiple Vulnerabilities (2.4.3)

Ruby Integer Overflow or Wraparound Vulnerability (CVE-2008-2663)

Severity

Medium

Classification

CVE-2018-17081 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities