3 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in e107 0.7.16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in 1 submitnews.php, 2 usersettings.php; and 3 newpost.php, 4 banlist.php, 5 banner.php, 6 cpage.php, 7 download.php, 8...
CVE-2006-4794
Multiple cross-site scripting XSS vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string PATHINFO in 1 contact.php, 2 download.php, 3 admin.php, 4 fpw.php, 5 news.php, 6 search.php, 7 signup.php, 8 submitnews.php, and 9 user.php. NOTE: the...
CVE-2006-4794
CVE-2006-4794 describes multiple XSS vulnerabilities in e107 0.7.5 via the PATH_INFO query string in numerous PHP pages (contact.php, download.php, admin.php, etc.). Connected records indicate a broader XSS family affecting e107 0.7.16 and earlier (admin/ and related files such as submitnews.php,...