CVE-2023-43874
https://notcve.org/view.php?id=CVE-2023-43874
Multiple Cross Site Scripting (XSS) vulnerabilities in e107 CMS v.2.3.2 allow a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu. • https://github.com/sromanhu/CVE-2023-43874-e107-CMS-Stored-XSS---MetaCustomTags https://github.com/sromanhu/e107-CMS-Stored-XSS---MetaCustomTags/blob/main/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-43873
https://notcve.org/view.php?id=CVE-2023-43873
A Cross Site Scripting (XSS) vulnerability in e107 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Name field in the Manage Menu. • https://github.com/sromanhu/CVE-2023-43873-e107-CMS-Stored-XSS---Manage https://github.com/sromanhu/e107-CMS-Stored-XSS---Manage/blob/main/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-36121
https://notcve.org/view.php?id=CVE-2023-36121
Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project. • https://github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/e107%20v2.3.2.md https://www.chtsecurity.com/news/0a4743a5-491e-4685-95ee-df8316ab5284 https://www.chtsecurity.com/news/6c6675d4-3254-46ce-a16d-26523ff80540 https://www.exploit-db.com/exploits/51449 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-27885 – e107 CMS 2.3.0 - CSRF
https://notcve.org/view.php?id=CVE-2021-27885
usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism. e107 CMS version 2.3.0 suffers from a cross site request forgery vulnerability. • https://www.exploit-db.com/exploits/49614 http://packetstormsecurity.com/files/161651/e107-CMS-2.3.0-Cross-Site-Request-Forgery.html https://github.com/e107inc/e107/commit/d9efdb9b5f424b4996c276e754a380a5e251f472 https://github.com/e107inc/e107/releases • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2018-11734
https://notcve.org/view.php?id=CVE-2018-11734
In e107 v2.1.7, output without filtering results in XSS. • https://github.com/e107inc/e107/issues/3170 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')