Vulnerabilities > CVE-2004-2261 - Script HTML Injection vulnerability in e107 Website System

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

e107

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

Cross-site scripting (XSS) vulnerability in e107 allows remote attackers to inject arbitrary script or HTML via the "login name/author" field in the (1) news submit or (2) article submit functions.

Vulnerable Configurations

Part	Description	Count
Application	E107 E107 E107 0.545 E107 E107 0.554 E107 E107 0.555_Beta E107 E107 0.603 E107 E107 0.610 E107 E107 0.611 E107 E107 0.612 E107 E107 0.613 E107 E107 0.614	9

References

http://secunia.com/advisories/11567
http://securitytracker.com/id?1010084
http://www.osvdb.org/5982
http://www.securityfocus.com/bid/10293
https://exchange.xforce.ibmcloud.com/vulnerabilities/16087