ID: OSVDB:30987
Type: osvdb
Reporter: zark0vac()
Modified: 2006-09-13T22:27:15
Description
Vulnerability Description
e107 contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'PATH_INFO' variable (i.e. the Query String) upon submission to the download.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Solution Description
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
Title
e107 download.php Query String (PATH_INFO) Variable XSS
Affected Software
e107, version 0.7.5
Published
2006-09-13T22:27:15
CVSS
Score 4.3, vector AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE
References
Vendor URL: http://e107.org/
Related OSVDB ID: 30981 (https://vulners.com/osvdb/OSVDB:30981)
Related OSVDB ID: 30982 (https://vulners.com/osvdb/OSVDB:30982)
Related OSVDB ID: 30984 (https://vulners.com/osvdb/OSVDB:30984)
Related OSVDB ID: 30983 (https://vulners.com/osvdb/OSVDB:30983)
Related OSVDB ID: 30980 (https://vulners.com/osvdb/OSVDB:30980)
Related OSVDB ID: 30986 (https://vulners.com/osvdb/OSVDB:30986)
Related OSVDB ID: 30979 (https://vulners.com/osvdb/OSVDB:30979)
Related OSVDB ID: 30985 (https://vulners.com/osvdb/OSVDB:30985)
Generic Exploit URL: http://www.securityfocus.com/data/vulnerabilities/exploits/19997.html
CVE-2006-4794 (https://vulners.com/cve/CVE-2006-4794)
Bugtraq ID: 19997
Related Exploit-DB IDs: EDB-ID:28547, EDB-ID:28556, EDB-ID:28554, EDB-ID:28549, EDB-ID:28545, EDB-ID:28546, EDB-ID:28552, EDB-ID:28548, EDB-ID:28551