{"type": "osvdb", "published": "2004-05-06T16:16:18", "href": "https://vulners.com/osvdb/OSVDB:5982", "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/", "score": 4.3}, "viewCount": 0, "edition": 1, "reporter": "SmOk3 (smok3@systemsecure.org)", "title": "e107 Login Name/Author XSS", "affectedSoftware": [{"operator": "eq", "version": "0.614", "name": "e107"}], "enchantments": {"score": {"value": 4.9, "vector": "NONE", "modified": "2017-04-28T13:20:00", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2004-2261"]}], "modified": "2017-04-28T13:20:00", "rev": 2}, "vulnersScore": 4.9}, "references": [], "id": "OSVDB:5982", "lastseen": "2017-04-28T13:20:00", "cvelist": ["CVE-2004-2261"], "modified": "2004-05-06T16:16:18", "description": "## Vulnerability Description\nE107 version 0.614 contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate variables \"login name/author\" upon submission to the \"news submit\" and \"article submit\" scripts with guest user privilege. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 0.615 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nE107 version 0.614 contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate variables \"login name/author\" upon submission to the \"news submit\" and \"article submit\" scripts with guest user privilege. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://e107.org\nVendor Specific Solution URL: http://e107.org/download.php?list.2\nSecurity Tracker: 1010084\n[Secunia Advisory ID:11567](https://secuniaresearch.flexerasoftware.com/advisories/11567/)\nISS X-Force ID: 16087\n[CVE-2004-2261](https://vulners.com/cve/CVE-2004-2261)\nBugtraq ID: 10293\n"}

{"cve": [{"lastseen": "2021-02-02T05:23:01", "description": "Cross-site scripting (XSS) vulnerability in e107 allows remote attackers to inject arbitrary script or HTML via the \"login name/author\" field in the (1) news submit or (2) article submit functions.", "edition": 3, "cvss3": {}, "published": "2004-12-31T05:00:00", "title": "CVE-2004-2261", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-2261"], "modified": "2017-07-11T01:31:00", "cpe": [], "id": "CVE-2004-2261", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2261", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}]}