e107 <= 2.2.1 XSS Vulnerability CVE-2018-17423

Severity
CVSSv3 Score: 4.8

Vulnerability description

e107 is prone to a cross-site scripting (XSS) vulnerability via e107_admin/comment.php.

Risk description

Successful exploitation would allow an authenticated attacker to inject malicious script content into the affected site.

Recommendation

To mitigate this vulnerability, the vendor recommends disabling the functionality under Preferences - Text rendering - Class by setting the ability to post to No One (inactive). This will be the default setting in the upcoming 2.3.0 release.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Jun 19, 2019
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available