Description
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php (aka the Subject field when posting a comment).
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by EllipSiS Security · textwebappsphp
https://www.exploit-db.com/exploits/28078
exploitdb
WORKING POC
VERIFIED
by securityconnection · textwebappsphp
https://www.exploit-db.com/exploits/28063
References (8)
Core 8
Core References
Exploit, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/20727
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27242
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/18508
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2460
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/18560
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27240
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/437649/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/1151
Scores
EPSS
0.0905
EPSS Percentile
92.7%
Details
Status
published
Products (47)
e107/e107
0.6_10
e107/e107
0.6_11
e107/e107
0.6_12
e107/e107
0.6_13
e107/e107
0.6_14
e107/e107
0.6_15
e107/e107
0.6_15a
e107/e107
0.7
e107/e107
0.7.1
e107/e107
0.7.2
... and 37 more
Published
Jun 27, 2006
Tracked Since
Feb 18, 2026