CVSS: 4.3EPSS: 1%CPEs: 47EXPL: 4CVE-2006-3259 – e107 0.7.5 - 'search.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-3259
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php (aka the Subject field when posting a comment). Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en e107 v0.7.5, permiten a atacantes remotos inyectar secuencias de comandos Web o HTML de su elección a través de (1) el parámetro ep en search.php y (2) el parámetro subject de comment.php (también conocido como el campo Subject cuando se añade un comentario). • https://www.exploit-db.com/exploits/28063 https://www.exploit-db.com/exploits/28078 http://secunia.com/advisories/20727 http://securityreason.com/securityalert/1151 http://www.securityfocus.com/archive/1/437649/100/0/threaded http://www.securityfocus.com/bid/18508 http://www.securityfocus.com/bid/18560 http://www.vupen.com/english/advisories/2006/2460 https://exchange.xforce.ibmcloud.com/vulnerabilities/27240 https://exchange.xforce.ibmcloud.com/vulnerabilities/27242 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2006-2591
https://notcve.org/view.php?id=CVE-2006-2591
Unspecified vulnerability in e107 before 0.7.5 has unknown impact and remote attack vectors related to an "emailing exploit". • http://e107.org/comment.php?comment.news.788 http://secunia.com/advisories/20262 http://www.osvdb.org/25740 http://www.vupen.com/english/advisories/2006/1963 •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2006-2590
https://notcve.org/view.php?id=CVE-2006-2590
SQL injection vulnerability in e107 before 0.7.5 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. • http://e107.org/comment.php?comment.news.788 http://secunia.com/advisories/20262 http://www.osvdb.org/25739 http://www.vupen.com/english/advisories/2006/1963 •
CVSS: 5.1EPSS: 2%CPEs: 18EXPL: 0CVE-2006-2416
https://notcve.org/view.php?id=CVE-2006-2416
SQL injection vulnerability in class2.php in e107 0.7.2 and earlier allows remote attackers to execute arbitrary SQL commands via a cookie as defined in $pref['cookie_name']. • http://secunia.com/advisories/20089 http://securityreason.com/securityalert/905 http://www.osvdb.org/25521 http://www.securityfocus.com/archive/1/433938/100/0/threaded http://www.securityfocus.com/bid/17966 http://www.vupen.com/english/advisories/2006/1802 https://exchange.xforce.ibmcloud.com/vulnerabilities/26434 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2006-0857 – E107 Website System 0.7.2 Chatbox Plugin - HTML Injection
https://notcve.org/view.php?id=CVE-2006-0857
Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 0.7.2 allows remote attackers to inject arbitrary HTML or web script via a Chatbox, as demonstrated using a SCRIPT element. • https://www.exploit-db.com/exploits/27247 http://www.securityfocus.com/archive/1/425388/100/0/threaded http://www.securityfocus.com/bid/16719 https://exchange.xforce.ibmcloud.com/vulnerabilities/24815 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •