e107 website system 0.6 usersettings.php avmsg Parameter XSS

ID SSV:77888
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.

                                                source: http://www.securityfocus.com/bid/10436/info

e107 is prone to multiple cross-site scripting, HTML injection, file inclusion, and SQL injection vulnerabilities. This may compromise various security properties of a Web site running the software, including allowing remote attackers to execute malicious PHP code.

http://www.example.com/e107_0615/usersettings.php?avmsg=[xss code here]