e107 Referer Header Cross-Site Scripting Vulnerability CVE-2009-3444

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

e107 is prone to a remote cross-site scripting vulnerability.

Risk description

The flaw is due to an error in email.php in the news.1 action: the script does not properly filter HTML code from user-supplied input in the HTTP Referer header before displaying that input. Attackers can exploit this issue to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Recommendation

Upgrade to e107 version 0.7.22 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Sep 28, 2009
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available