CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 1CVE-2004-2028 – e107 Website System 0.5/0.6 - 'Log.php' HTML Injection
https://notcve.org/view.php?id=CVE-2004-2028
Cross-site scripting (XSS) vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via the referer parameter to log.php. • https://www.exploit-db.com/exploits/24138 http://marc.info/?l=bugtraq&m=108515632622796&w=2 http://secunia.com/advisories/11693 http://www.osvdb.org/6345 http://www.securityfocus.com/bid/10395 https://exchange.xforce.ibmcloud.com/vulnerabilities/16231 •
CVSS: 5.0EPSS: 5%CPEs: 2EXPL: 4CVE-2003-1191 – E107 - 'Chatbox.php' Denial of Service
https://notcve.org/view.php?id=CVE-2003-1191
chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a denial of service (pages fail to load) via HTML in the Name field, which prevents the main.php form from being loaded. • https://www.exploit-db.com/exploits/23311 http://archives.neohapsis.com/archives/bugtraq/2003-10/0313.html http://secunia.com/advisories/10115 http://www.hackingheaven.com/index.php?name=PNphpBB2&file=viewtopic&t=21 http://www.osvdb.org/2753 http://www.securityfocus.com/bid/8930 https://exchange.xforce.ibmcloud.com/vulnerabilities/13553 •