HomePentest-Tools.com Logo

e107 query Cross Site Scripting Vulnerability CVE-2013-2750

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

e107 is prone to a cross-site scripting (XSS) vulnerability.

Risk description

The flaw is due to input passed via the query parameter to content_preset.php, which is not properly sanitised before using it. Successful exploitation will allow remote attackers to steal the victims cookie-based authentication credentials.

Recommendation

Upgrade e107 to version 1.0.3 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Jan 22, 2014
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available