CVSS: 8.8 • EPSS: 2% • CPEs: 1 • EXPL: 1

usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism. e107 CMS version 2.3.0 suffers from a cross site request forgery vulnerability.

• https://www.exploit-db.com/exploits/49614
• http://packetstormsecurity.com/files/161651/e107-CMS-2.3.0-Cross-Site-Request-Forgery.html
• https://github.com/e107inc/e107/commit/d9efdb9b5f424b4996c276e754a380a5e251f472
• https://github.com/e107inc/e107/releases

• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 2

Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote attackers to inject arbitrary web script or HTML via the "Real Name" value.

• https://www.exploit-db.com/exploits/35679
• http://osvdb.org/show/osvdb/116692
• http://www.exploit-db.com/exploits/35679
• https://exchange.xforce.ibmcloud.com/vulnerabilities/99627

• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 2

Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php in e107 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the e107_files/ file path in the QUERY_STRING.

• http://packetstormsecurity.com/files/129872/CMS-e107-1.0.4-Cross-Site-Scripting.html
• http://seclists.org/fulldisclosure/2015/Jan/18
• http://sroesemann.blogspot.de/2014/12/sroeadv-2014-05.html
• http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-05.html
• http://www.openwall.com/lists/oss-security/2015/01/11/6
• http://www.securityfocus.com/bid/71977
• https://exchange.xforce.ibmcloud.com/vulnerabilities/99898
• https://github.com/e107inc/e107v1/issues/2

• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for requests that add users to the administrator group via the id parameter in an admin action.

• http://packetstormsecurity.com/files/129751/e107-2.0-Alpha2-Cross-Site-Request-Forgery.html
• http://seclists.org/fulldisclosure/2014/Dec/124
• http://sroesemann.blogspot.de/2014/12/sroeadv-2014-04.html
• https://github.com/e107inc/e107/commit/9249f892b1e635979db2a830393694fb73531080

• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.3 • EPSS: 0% • CPEs: 2 • EXPL: 3

Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 2.0 alpha2 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter. e107 version 2.0 alpha2 suffers from a reflective cross site scripting vulnerability.

• http://packetstormsecurity.com/files/127499/e107-2.0-alpha2-Cross-Site-Scripting.html
• http://www.securityfocus.com/archive/1/532801/100/0/threaded
• http://www.securityfocus.com/bid/68674
• https://github.com/e107inc/e107/commit/f80e417bb3e7ab5c1a89ea9ddd2cd060f54464e1
• https://www.htbridge.com/advisory/HTB23220

• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')