CVE-2010-0997

e107 <0.7.20 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in 107_plugins/content/content_manager.php in the Content Management plugin in e107 before 0.7.20, when the personal content manager is enabled, allows user-assisted remote authenticated users to inject arbitrary web script or HTML via the content_heading parameter.

References (8)

[Patch] http://e107.org/comment.php?comment.news.864

[Various Sources] http://e107.org/svn_changelog.php?version=0.7.20

[Vendor Advisory] http://secunia.com/advisories/39013

[Vendor Advisory] http://secunia.com/secunia_research/2010-43/

[Vendor Advisory] http://www.vupen.com/english/advisories/2010/0919

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/57933

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/510809/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/39539

Scores

EPSS 0.0035

EPSS Percentile 57.4%

Classification

CWE

CWE-79

Status published

Affected Products (21)

e107/e107 < 0.7.19

e107/e107

e107/e107

e107/e107

e107/e107

e107/e107

e107/e107

e107/e107

e107/e107

e107/e107

e107/e107

e107/e107

e107/e107

e107/e107

e107/e107

... and 6 more

Timeline

Published Apr 20, 2010

Tracked Since Feb 18, 2026