Vulnerabilities > E107

DATE CVE VULNERABILITY TITLE RISK
2023-09-28 CVE-2023-43873 Cross-site Scripting vulnerability in E107 CMS 2.3.2
A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Name filed in the Manage Menu.
network
low complexity
e107 CWE-79
5.4
2023-09-28 CVE-2023-43874 Cross-site Scripting vulnerability in E107 CMS 2.3.2
Multiple Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu.
network
low complexity
e107 CWE-79
5.4
2023-08-02 CVE-2023-36121 Cross-site Scripting vulnerability in E107 2.3.2
Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project.
network
low complexity
e107 CWE-79
5.4
2021-03-02 CVE-2021-27885 Cross-Site Request Forgery (CSRF) vulnerability in E107
usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.
network
low complexity
e107 CWE-352
8.8
2019-07-10 CVE-2018-11734 Cross-site Scripting vulnerability in E107 2.1.7
In e107 v2.1.7, output without filtering results in XSS.
network
e107 CWE-79
4.3
2019-06-19 CVE-2018-17423 Cross-site Scripting vulnerability in E107 2.1.9
An issue was discovered in e107 v2.1.9.
network
e107 CWE-79
3.5
2019-05-24 CVE-2016-10753 Deserialization of Untrusted Data vulnerability in E107 2.1.2
e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.
network
low complexity
e107 CWE-502
6.5
2018-09-26 CVE-2018-17081 Cross-Site Request Forgery (CSRF) vulnerability in E107 2.1.9
e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page.
network
e107 CWE-352
4.3
2018-09-12 CVE-2018-16389 SQL Injection vulnerability in E107 2.1.8
e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter.
network
low complexity
e107 CWE-89
5.5
2018-09-12 CVE-2018-16388 Unrestricted Upload of File with Dangerous Type vulnerability in E107 2.1.8
e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type.
network
low complexity
e107 CWE-434
6.5