Page 4 of 84 results (0.004 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2

CVE-2015-1057 – e107 2 Bootstrap CMS - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2015-1057

Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote attackers to inject arbitrary web script or HTML via the "Real Name" value. Vulnerabilidad de XSS en usersettings.php en e107 2.0.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del valor 'Real Name'. • https://www.exploit-db.com/exploits/35679 http://osvdb.org/show/osvdb/116692 http://www.exploit-db.com/exploits/35679 https://exchange.xforce.ibmcloud.com/vulnerabilities/99627 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2

CVE-2015-1041

https://notcve.org/view.php?id=CVE-2015-1041

Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php in e107 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the e107_files/ file path in the QUERY_STRING. Vulnerabilidad de XSS en e107_admin/filemanager.php en e107 1.0.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de la ruta de ficheros e107_files/ en QUERY_STRING. • http://packetstormsecurity.com/files/129872/CMS-e107-1.0.4-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2015/Jan/18 http://sroesemann.blogspot.de/2014/12/sroeadv-2014-05.html http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-05.html http://www.openwall.com/lists/oss-security/2015/01/11/6 http://www.securityfocus.com/bid/71977 https://exchange.xforce.ibmcloud.com/vulnerabilities/99898 https://github.com/e107inc/e107v1/issues/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2014-9459

https://notcve.org/view.php?id=CVE-2014-9459

Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for requests that add users to the administrator group via the id parameter in an admin action. Vulnerabilidad de CSRF en la función AdminObserver en e107_admin/users.php en e107 2.0 alpha2 permite a atacantes remotos secuestrar la autenticación de administradores para solicitudes que añaden usuarios al grupo de administración a través del parámetro id en una acción admin. • http://packetstormsecurity.com/files/129751/e107-2.0-Alpha2-Cross-Site-Request-Forgery.html http://seclists.org/fulldisclosure/2014/Dec/124 http://sroesemann.blogspot.de/2014/12/sroeadv-2014-04.html https://github.com/e107inc/e107/commit/9249f892b1e635979db2a830393694fb73531080 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 3

CVE-2014-4734 – e107 2.0 alpha2 Cross Site Scripting

https://notcve.org/view.php?id=CVE-2014-4734

Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 2.0 alpha2 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter. Vulnerabilidad de XSS en e107_admin/db.php en e107 2.0 alpha2 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro type. e107 version 2.0 alpha2 suffers from a reflective cross site scripting vulnerability. • http://packetstormsecurity.com/files/127499/e107-2.0-alpha2-Cross-Site-Scripting.html http://www.securityfocus.com/archive/1/532801/100/0/threaded http://www.securityfocus.com/bid/68674 https://github.com/e107inc/e107/commit/f80e417bb3e7ab5c1a89ea9ddd2cd060f54464e1 https://www.htbridge.com/advisory/HTB23220 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 29EXPL: 0

CVE-2013-7305

https://notcve.org/view.php?id=CVE-2013-7305

fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail account of a banned user. fpw.php en e107 hasta la versión 1.0.4 no comprueba el campo user_ban, lo que hace más fácil para atacantes remotos restablecer contraseñas mediante el envío de una petición pwsubmit y aprovechando el acceso a la cuenta de email de un usuario baneado. • http://sourceforge.net/p/e107/svn/13114 • CWE-255: Credentials Management Errors •