Vulnerabilities > CVE-2004-2028 - HTML Injection vulnerability in e107 Website System

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

e107

exploit available

NVD

Published: 2004-05-21

Updated: 2017-07-11

Summary

Cross-site scripting (XSS) vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via the referer parameter to log.php.

Vulnerable Configurations

Part	Description	Count
Application	E107 E107 E107 0.6_10 E107 E107 0.6_11 E107 E107 0.6_12 E107 E107 0.6_13 E107 E107 0.6_14 E107 E107 0.6_15 E107 E107 0.6_15A E107 E107 0.545 E107 E107 0.554 E107 E107 0.555_Beta E107 E107 0.603	11

Exploit-Db

description	e107 Website System 0.5/0.6 Log.PHP HTML Injection Vulnerability. CVE-2004-2028 . Webapps exploit for php platform
id	EDB-ID:24138
last seen	2016-02-02
modified	2004-05-21
published	2004-05-21
reporter	Chinchilla
source	https://www.exploit-db.com/download/24138/
title	e107 Website System 0.5/0.6 Log.PHP HTML Injection Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References