2 matches found
CVE-2010-4757
Cross-site scripting XSS vulnerability in submitnews.php in e107 before 0.7.23 allows remote attackers to inject arbitrary web script or HTML via the submitnewstitle parameter, a different vector than CVE-2008-6208. NOTE: some of these details are obtained from third party information. NOTE: this...
CVE-2008-6208
CVE-2008-6208 is an XSS vulnerability in e107 CMS 0.7.11 affecting submitnews.php. The vulnerability enables remote attackers to inject arbitrary script/HTML via the (1) author_name, (2) itemtitle, and (3) item parameters. The NVD entry notes the vulnerability as XSS with a medium base score (4.3...