CVE-2011-4920

E107 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, and other versions before 1.0.0, allow remote attackers to inject arbitrary web script or HTML via the URL to (1) e107_images/thumb.php or (2) rate.php, (3) resend_name parameter to e107_admin/users.php, and (4) link BBCode in user signatures.

References (8)

[Third Party Advisory, VDB Entry] http://osvdb.org/78047

[Third Party Advisory, VDB Entry] http://osvdb.org/78048

[Third Party Advisory, VDB Entry] http://osvdb.org/78049

[Vendor Advisory] http://secunia.com/advisories/46706

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/72010

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/72104

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/51253

[Mailing List] http://www.openwall.com/lists/oss-security/2012/01/04/3

Scores

EPSS 0.0050

EPSS Percentile 65.8%

Classification

CWE

CWE-79

Status published

Affected Products (2)

e107/e107

n/a/n/a

Timeline

Published Jan 04, 2012

Tracked Since Feb 18, 2026