Vulnerabilities > E107 > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-28 | CVE-2023-43873 | Cross-site Scripting vulnerability in E107 CMS 2.3.2 A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Name filed in the Manage Menu. | 5.4 |
| 2023-09-28 | CVE-2023-43874 | Cross-site Scripting vulnerability in E107 CMS 2.3.2 Multiple Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu. | 5.4 |
| 2023-08-02 | CVE-2023-36121 | Cross-site Scripting vulnerability in E107 2.3.2 Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project. | 5.4 |
| 2019-07-10 | CVE-2018-11734 | Cross-site Scripting vulnerability in E107 2.1.7 In e107 v2.1.7, output without filtering results in XSS. | 6.1 |
| 2019-06-19 | CVE-2018-17423 | Cross-site Scripting vulnerability in E107 2.1.9 An issue was discovered in e107 v2.1.9. | 4.8 |
| 2018-09-26 | CVE-2018-17081 | Cross-Site Request Forgery (CSRF) vulnerability in E107 2.1.9 e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page. | 4.3 |
| 2018-09-12 | CVE-2018-16389 | SQL Injection vulnerability in E107 2.1.8 e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter. | 6.5 |
| 2018-09-05 | CVE-2018-16381 | Cross-site Scripting vulnerability in E107 2.1.8 e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter. | 6.1 |
| 2018-05-15 | CVE-2018-11127 | Cross-Site Request Forgery (CSRF) vulnerability in E107 2.1.7 e107 2.1.7 has CSRF resulting in arbitrary user deletion. | 6.5 |
| 2017-04-24 | CVE-2017-8098 | Cross-Site Request Forgery (CSRF) vulnerability in E107 2.1.4 e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. | 6.5 |