Description

Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header in a news.1 (aka news to email) action.

Remediation

References

CVE-2009-3444

Related Vulnerabilities

WordPress Plugin YITH WooCommerce Best Sellers Security Bypass (1.1.11)

MySQL CVE-2019-2513 Vulnerability (CVE-2019-2513)

MySQL CVE-2018-3171 Vulnerability (CVE-2018-3171)

WordPress Plugin LISL Last-Image Slider TimThumb Arbitrary File Upload (1.0)

Zope Web Application Server Other Vulnerability (CVE-2006-4684)

Severity

Medium

Classification

CVE-2009-3444 CWE-707

Tags

Missing Update Known Vulnerabilities