Description
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the (1) LAN_407 parameter to clock_menu.php, (2) "email article to a friend" field, (3) "submit news" field, or (4) avmsg parameter to usersettings.php.
Remediation
References
Related Vulnerabilities
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4284)
WebLogic CVE-2019-2646 Vulnerability (CVE-2019-2646)
WordPress Plugin Rotating Testimonial Cross-Site Scripting (1.1)
Oracle JRE CVE-2013-2383 Vulnerability (CVE-2013-2383)
Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-35141)