Description

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, and other versions before 1.0.0, allow remote attackers to inject arbitrary web script or HTML via the URL to (1) e107_images/thumb.php or (2) rate.php, (3) resend_name parameter to e107_admin/users.php, and (4) link BBCode in user signatures.

Remediation

References

CVE-2011-4920

Related Vulnerabilities

WordPress Plugin All-in-One Custom Backgrounds Lite Unspecified Vulnerability (2.0.2)

WordPress Plugin BSK PDF Manager Multiple SQL Injection Vulnerabilities (1.3.2)

WordPress Plugin Event Single Page Templates Addon For The Events Calendar Security Bypass (1.5)

WordPress Cross-Site Scripting Vulnerability (0.70 - 4.1.1)

Oracle Database Server CVE-2015-0457 Vulnerability (CVE-2015-0457)

Severity

Medium

Classification

CVE-2011-4920 CWE-707

Tags

Missing Update Known Vulnerabilities