Vulnerabilities > E107 > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-11-16 | CVE-2005-3594 | Remote Security vulnerability in e107 game_score.php in e107 allows remote attackers to insert high scores via HTTP POST methods utilizing the $player_name, $player_score, and $game_name variables. | 5.0 |
| 2005-09-06 | CVE-2005-2805 | Unspecified vulnerability in E107 0.603/0.616/0.617 forum_post.php in e107 0.6 allows remote attackers to post to non-existent forums by modifying the forum number. | 5.0 |
| 2005-07-20 | CVE-2005-2327 | Cross-Site Scripting vulnerability in E107 Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier allows remote attackers to inject arbitrary web script or HTML via nested [url] BBCode tags. network e107 | 4.3 |
| 2004-12-31 | CVE-2004-2261 | Script HTML Injection vulnerability in e107 Website System Cross-site scripting (XSS) vulnerability in e107 allows remote attackers to inject arbitrary script or HTML via the "login name/author" field in the (1) news submit or (2) article submit functions. network e107 | 4.3 |
| 2004-05-29 | CVE-2004-2040 | Multiple vulnerability in E107 0.615/0.615A Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the (1) LAN_407 parameter to clock_menu.php, (2) "email article to a friend" field, (3) "submit news" field, or (4) avmsg parameter to usersettings.php. network e107 | 4.3 |
| 2004-05-29 | CVE-2004-2039 | Multiple vulnerability in E107 0.615/0.615A e107 0.615 allows remote attackers to obtain sensitive information via a direct request to (1) alt_news.php, (2) backend_menu.php, (3) clock_menu.php, (4) counter_menu.php, (5) login_menu.php, and other files, which reveal the full path in a PHP error message. | 5.0 |
| 2004-05-21 | CVE-2004-2031 | HTML Injection vulnerability in e107 Website System Cross-site scripting (XSS) vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) MSN, or (3) AIM fields. network e107 | 4.3 |
| 2004-05-21 | CVE-2004-2028 | HTML Injection vulnerability in e107 Website System Cross-site scripting (XSS) vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via the referer parameter to log.php. network e107 | 4.3 |
| 2003-10-29 | CVE-2003-1191 | Denial of Service vulnerability in E107 0.545/0.603 chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a denial of service (pages fail to load) via HTML in the Name field, which prevents the main.php form from being loaded. | 5.0 |