CVE-2023-36121

MEDIUM

e107 2.3.2 - Cross-Site Scripting via SEO Project Description Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-36121. PoCs published by Hubert Wojciechowski.

AI-analyzed exploit summary: This is a working proof-of-concept for a reflected XSS vulnerability in e107 v2.3.2. The exploit demonstrates multiple attack vectors, including unauthorized and authorized XSS payloads, targeting the 'content' and 'for' parameters in different endpoints.

Description

Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project.

Exploits (1)

exploitdb WORKING POC
by Hubert Wojciechowski · text · webapps · php
https://www.exploit-db.com/exploits/51449

Classification: Working PoC (100%)
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: e107 v2.3.2
No auth needed
Prerequisites: Access to the target web application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 5.4
EPSS: 0.0107
EPSS Percentile: 60.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-79
Status: published
Products (1): e107/e107 2.3.2
Published: Aug 02, 2023
Tracked Since: Feb 18, 2026