Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

e107 Inadequate Encryption Strength Vulnerability (CVE-2021-27885)

Description

usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.

Remediation

References

Related Vulnerabilities

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-2581)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1099)

PHP Other Vulnerability (CVE-2007-1287)

WordPress Plugin Fast Secure Contact Form-Clockwork SMS Cross-Site Scripting (2.1.2)

WordPress Plugin Comment Rating Cross-Site Request Forgery (2.9.20)

Severity

High

Classification

CVE-2021-27885 CWE-326 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities