WEB APPLICATION VULNERABILITIES Standard & Premium

e107 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-0997)

Description

Cross-site scripting (XSS) vulnerability in 107_plugins/content/content_manager.php in the Content Management plugin in e107 before 0.7.20, when the personal content manager is enabled, allows user-assisted remote authenticated users to inject arbitrary web script or HTML via the content_heading parameter.

Remediation

References

Related Vulnerabilities

WordPress Plugin Bulk Delete Users by Email Cross-Site Request Forgery (1.0)

silverstripeCMS Credentials Management Errors Vulnerability (CVE-2010-5092)

MySQL CVE-2022-21313 Vulnerability (CVE-2022-21313)

Oracle JRE CVE-2013-5848 Vulnerability (CVE-2013-5848)

SugarCRM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-17314)

Severity

Low

Classification

CVE-2010-0997 CWE-707

Tags

Missing Update Known Vulnerabilities