Description

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, and other versions before 1.0.0, allow remote attackers to inject arbitrary web script or HTML via the URL to (1) e107_images/thumb.php or (2) rate.php, (3) resend_name parameter to e107_admin/users.php, and (4) link BBCode in user signatures.

Remediation

References

CVE-2011-4920

Related Vulnerabilities

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-6163)

WordPress Plugin pootle button Cross-Site Scripting (1.1.1)

MySQL CVE-2016-0609 Vulnerability (CVE-2016-0609)

ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-2086)

Nginx Out-of-bounds Write Vulnerability (CVE-2011-4315)

Severity

Medium

Classification

CVE-2011-4920 CWE-707

Tags

Missing Update Known Vulnerabilities