Description

Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header in a news.1 (aka news to email) action.

Remediation

References

CVE-2009-3444

Related Vulnerabilities

Handlebars Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2019-20922)

WordPress Plugin RokMicroNews Multiple Vulnerabilities (1.5)

IBM WebSEAL Incorrect Authorization Vulnerability (CVE-2023-38368)

Family Connections Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-2010)

WordPress Plugin MasterStudy LMS-for Online Courses and Education Information Disclosure (3.2.10)

Severity

Medium

Classification

CVE-2009-3444 CWE-707

Tags

Missing Update Known Vulnerabilities