
CVE-2018-16381
https://notcve.org/view.php?id=CVE-2018-16381
05 Sep 2018 — e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter. • https://github.com/dhananjay-bajaj/E107-v2.1.8-XSS-POC • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-15901
https://notcve.org/view.php?id=CVE-2018-15901
28 Aug 2018 — e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators. • https://github.com/dhananjay-bajaj/e107_2.1.8_csrf • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2018-11127
https://notcve.org/view.php?id=CVE-2018-11127
15 May 2018 — e107 2.1.7 has CSRF resulting in arbitrary user deletion. • https://github.com/e107inc/e107/issues/3128 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2016-10378
https://notcve.org/view.php?id=CVE-2016-10378
29 May 2017 — e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function. • http://code610.blogspot.com/2016/09/sql-injection-in-latest-e107-cms.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2017-8098
https://notcve.org/view.php?id=CVE-2017-8098
24 Apr 2017 — e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A malicious web page can use forged requests to make e107 download and install a plug-in provided by the attacker. • http://seclists.org/fulldisclosure/2017/Apr/40 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2015-1057 – e107 2 Bootstrap CMS - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-1057
16 Jan 2015 — Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote attackers to inject arbitrary web script or HTML via the "Real Name" value. • https://www.exploit-db.com/exploits/35679 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-1041
https://notcve.org/view.php?id=CVE-2015-1041
15 Jan 2015 — Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php in e107 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the e107_files/ file path in the QUERY_STRING. • http://packetstormsecurity.com/files/129872/CMS-e107-1.0.4-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-9459
https://notcve.org/view.php?id=CVE-2014-9459
02 Jan 2015 — Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for requests that add users to the administrator group via the id parameter in an admin action. • http://packetstormsecurity.com/files/129751/e107-2.0-Alpha2-Cross-Site-Request-Forgery.html • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2014-4734 – e107 2.0 alpha2 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-4734
16 Jul 2014 — Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 2.0 alpha2 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter. e107 version 2.0 alpha2 suffers from a reflective cross site scripting vulnerability. • https://packetstorm.news/files/id/127499 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-2750 – e107 - 'content_preset.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-2750
22 Jan 2014 — Cross-site scripting (XSS) vulnerability in e107_plugins/content/handlers/content_preset.php in e107 before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the query string. • https://www.exploit-db.com/exploits/38416 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')