CVE-2011-4920

Multiple cross-site scripting XSS vulnerabilities in e107 0.7.26, and other versions before 1.0.0, allow remote attackers to inject arbitrary web script or HTML via the URL to 1 e107images/thumb.php or 2 rate.php, 3 resendname parameter to e107admin/users.php, and 4 link BBCode in user signatures...