Vulnerabilities > E107 > E107 > 2.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-02 | CVE-2021-27885 | Cross-Site Request Forgery (CSRF) vulnerability in E107 usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism. | 8.8 |
| 2015-01-16 | CVE-2015-1057 | Cross-site Scripting vulnerability in E107 2.0.0 Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote attackers to inject arbitrary web script or HTML via the "Real Name" value. | 4.3 |