CVE-2013-2750 – e107 - 'content_preset.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-2750
Cross-site scripting (XSS) vulnerability in e107_plugins/content/handlers/content_preset.php in e107 before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the query string. Vulnerabilidad de XSS en e107_plugins/content/handlers/content_preset.php de e107 anterior a la versión 1.0.3 permite a atacantes remotos inyectar script Web o HTML arbitrario a través de una cadena de consulta. e107 CMS version 1.0.2 suffers from a reflective cross site scripting vulnerability. • https://www.exploit-db.com/exploits/38416 http://sourceforge.net/p/e107/svn/13079 http://www.securityfocus.com/archive/1/526168 https://www.secuvera.de/advisories/TC-SA-2013-01.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-6433 – e107 1.0.1 - Arbitrary JavaScript Execution (via Cross-Site Request Forgery)
https://notcve.org/view.php?id=CVE-2012-6433
Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remote attackers to hijack the authentication of administrators for requests that conduct XSS attacks via the news_title parameter in a create action. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en e107_admin/download.php en e107 v1.0.1 permite a atacantes remotos secuestrar la autenticación de los administradores de las peticiones que realizan los ataques XSS a través del parámetro news_title en una acción create. e107 version 1.0.1 suffers from a cross site request forgery vulnerability that results in arbitrary javascript execution. • https://www.exploit-db.com/exploits/23828 http://e107.org/changelog http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/newspost.php?sortdir=down&r1=12622&r2=12992&sortby=rev http://www.exploit-db.com/exploits/23828 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2012-6434 – e107 1.0.2 - SQL Injection (via Cross-Site Request Forgery)
https://notcve.org/view.php?id=CVE-2012-6434
Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) download_url, (2) download_url_extended, (3) download_author_email, (4) download_author_website, (5) download_image, (6) download_thumb, (7) download_visible, or (8) download_class parameter. Múltiples vulnerabilidades de fasificación de peticiones en sitios cruzados (CSRF) en e107_admin/download.php en e107 v1.0.2 permite a atacantes remotos secuestrar la autenticación de los administradores de las peticiones que realizan los ataques de inyección SQL a través del parámetro (1) download_url, (2) download_url_extended, (3) download_author_email, (4) download_author_website, (5) download_image, (6) download_thumb, (7) download_visible, o (8) download_class parameter. e107 version 1.0.2 suffers from a cross site request forgery vulnerability that results in SQL injection. • https://www.exploit-db.com/exploits/23829 http://e107.org/changelog http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/download.php?sortdir=down&r1=13037&r2=13058&sortby=rev http://www.exploit-db.com/exploits/23829 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2011-5186 – jbShop e107 7 CMS Plugin - SQL Injection
https://notcve.org/view.php?id=CVE-2011-5186
Cross-site scripting (XSS) vulnerability in jbshop.php in the jbShop plugin for e107 7 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en jbshop.php en el plugin e107 v7 para jbShop permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro item_id. • https://www.exploit-db.com/exploits/18056 http://www.exploit-db.com/exploits/18056 http://www.osvdb.org/83371 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-4947
https://notcve.org/view.php?id=CVE-2011-4947
Cross-site request forgery (CSRF) vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the user_include parameter. Vulnerabilidad de fasificación de peticiones en sitios cruzados (CSRF) en e107_admin/users_extended.php en e107 anteriores a v0.7.26 permite a atacantes remotos secuestrar la autenticación de los usuarios administradores en peticiones para insertar secuencias de comandos en sitios cruzados (XSS) a través del parámetro user_include. • http://e107.org/svn_changelog.php?version=0.7.26 http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/users_extended.php?r1=12225&r2=12306 http://www.openwall.com/lists/oss-security/2012/03/28/4 http://www.openwall.com/lists/oss-security/2012/03/29/3 https://exchange.xforce.ibmcloud.com/vulnerabilities/68062 https://www.htbridge.com/advisory/multiple_vulnerabilities_in_e107_1.html • CWE-352: Cross-Site Request Forgery (CSRF) •