CVE-2015-1057
e107 2.0.0 - Cross-Site Scripting via Real Name Field in usersettings.php
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2015-1057. PoCs published by Ahmet Agar / 0x97.
AI-analyzed exploit summary This is a writeup describing a stored XSS vulnerability in e107 v2.0.0 CMS. The vulnerability allows an attacker to inject malicious JavaScript code into the 'Real Name' field in the user settings page, which executes when viewed by other users.
Description
Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote attackers to inject arbitrary web script or HTML via the "Real Name" value.
Exploits (1)
This is a writeup describing a stored XSS vulnerability in e107 v2.0.0 CMS. The vulnerability allows an attacker to inject malicious JavaScript code into the 'Real Name' field in the user settings page, which executes when viewed by other users.