Description

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php (aka the Subject field when posting a comment).

Remediation

References

CVE-2006-3259

Related Vulnerabilities

WordPress Plugin PWG Random Cross-Site Request Forgery (1.11)

WordPress Plugin Accept Donations with PayPal Cross-Site Request Forgery (1.3)

Lighttpd Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-2323)

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-5625)

WebERP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-46053)

Severity

Medium

Classification

CVE-2006-3259

Tags

Missing Update Known Vulnerabilities