CVE-2013-2750

Cross-site scripting XSS vulnerability in e107plugins/content/handlers/contentpreset.php in e107 before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the query string...

CVE-2013-2750

CVE-2013-2750 is an XSS in e107, specifically in e107_plugins/content/handlers/content_preset.php, exploitable when user-supplied input in GET parameters is not properly sanitized (notably via %00/%0d%0a sequences). Affected product: e107 prior to 1.0.3. Impact as described: remote attacker can i...

e107 content_preset.php URI XSS

The version of e107 installed on the remote host is affected by a cross-site scripting vulnerability because it fails to properly sanitize user input passed in the URI to the 'contentpreset.php' script. An attacker may be able to leverage this to inject arbitrary HTML and script code into a user'...

e107 'content_preset.php'跨站脚本漏洞(CVE-2013-2750)

Bugtraq ID:58841 CVE ID:CVE-2013-2750 e107是一款内容管理系统。 e107没有正确过滤GET参数中"%00"组合"%0d%0a"的字符输入，允许远程攻击者利用漏洞进行跨站脚本攻击，可获得敏感信息或劫持用户会话。 0 e107 v1.0.2 厂商解决方案 e107 v1.0.3已经修复此漏洞，建议用户下载更新： http://e107.org/ http://host/e107plugins/content/handlers/contentpreset.php? %3c%00script%0d%0aalert'reflexted%20XSS'/scr...

e107 - content_preset.php Cross-Site Scripting

e107 - contentpreset.php Cross-Site Scripting source: https://www.securityfocus.com/bid/58841/info e107 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser o...