Vulnerabilities > E107 > E107 > 1.0.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-02 | CVE-2021-27885 | Cross-Site Request Forgery (CSRF) vulnerability in E107 usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism. | 8.8 |
| 2014-01-22 | CVE-2013-7305 | Credentials Management vulnerability in E107 fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail account of a banned user. | 4.3 |