Description

Cross-site scripting (XSS) vulnerability in 107_plugins/content/content_manager.php in the Content Management plugin in e107 before 0.7.20, when the personal content manager is enabled, allows user-assisted remote authenticated users to inject arbitrary web script or HTML via the content_heading parameter.

Remediation

References

CVE-2010-0997

Related Vulnerabilities

WordPress Plugin Integration for Contact Form 7 and Salesforce Cross-Site Scripting (1.2.4)

WordPress Plugin Limit Login Attempts Reloaded Security Bypass (2.7.4)

Oracle JRE CVE-2014-2410 Vulnerability (CVE-2014-2410)

WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.15)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-0701)

Severity

Low

Classification

CVE-2010-0997 CWE-707

Tags

Missing Update Known Vulnerabilities