Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
e107 vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2008-6208
Cross-site scripting (XSS) vulnerability in submitnews.php in e107 CMS 0.7.11 allows remote malicious users to inject arbitrary web script or HTML via the (1) author_name, (2) itemtitle, and (3) item parameters. NOTE: the provenance of this information is unknown; the details are...
E107 E107 0.7.11
490
VMScore
CVE-2018-16389
e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter.
E107 E107 2.1.8
685
VMScore
CVE-2012-6433
Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remote malicious users to hijack the authentication of administrators for requests that conduct XSS attacks via the news_title parameter in a create action.
E107 E107 1.0.1
1 EDB exploit
435
VMScore
CVE-2015-1057
Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote malicious users to inject arbitrary web script or HTML via the "Real Name" value.
E107 E107 2.0.0
1 EDB exploit
383
VMScore
CVE-2017-8098
e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A malicious web page can use forged requests to make e107 download and install a plug-in provided by the attacker.
E107 E107 2.1.4
383
VMScore
CVE-2011-4920
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, and other versions prior to 1.0.0, allow remote malicious users to inject arbitrary web script or HTML via the URL to (1) e107_images/thumb.php or (2) rate.php, (3) resend_name parameter to e107_admin/users.php, ...
E107 E107 0.7.26
383
VMScore
CVE-2018-16381
e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter.
E107 E107 2.1.8
578
VMScore
CVE-2016-10753
e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.
E107 E107 2.1.2
NA
CVE-2023-43873
A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local malicious user to execute arbitrary code via a crafted script to the Name filed in the Manage Menu.
E107 E107 Cms 2.3.2
NA
CVE-2023-43874
Multiple Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local malicious user to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu.
E107 E107 Cms 2.3.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
NEXT »