Description
Cross-site scripting (XSS) vulnerability in e107_plugins/content/handlers/content_preset.php in e107 before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the query string.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Simon Bieber · textwebappsphp
https://www.exploit-db.com/exploits/38416
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/526168
Various Sources x_refsource_misc
https://www.secuvera.de/advisories/TC-SA-2013-01.txt
Product x_refsource_confirm
http://sourceforge.net/p/e107/svn/13079
Scores
EPSS
0.0053
EPSS Percentile
67.5%
Details
CWE
CWE-79
Status
published
Products (27)
e107/e107
0.7.0
e107/e107
0.7.1
e107/e107
0.7.2
e107/e107
0.7.3
e107/e107
0.7.4
e107/e107
0.7.5
e107/e107
0.7.6
e107/e107
0.7.7
e107/e107
0.7.8
e107/e107
0.7.9
... and 17 more
Published
Jan 22, 2014
Tracked Since
Feb 18, 2026