e107 website system 0.6 - usersettings.php?avmsg Cross-Site Scripting

2004-05-29T00:00:00
ID EXPLOITPACK:331D1016A439D26A2B663E221436CDB6
Type exploitpack
Reporter Janek Vind
Modified 2004-05-29T00:00:00

Description

e107 website system 0.6 - usersettings.php?avmsg Cross-Site Scripting

                                        
                                            source: https://www.securityfocus.com/bid/10436/info

e107 is prone to multiple cross-site scripting, HTML injection, file inclusion, and SQL injection vulnerabilities. This may compromise various security properties of a Web site running the software, including allowing remote attackers to execute malicious PHP code.


http://www.example.com/e107_0615/usersettings.php?avmsg=[xss code here]