This host is running e107 and is prone to cross site scripting vulnerability.

Successful exploitation will allow remote attackers to steal the victim's cookie-based authentication credentials. Impact Level: Application

Upgrade e107 to version 1.0.3 or later, For updates refer to http://www.e107.org/

The flaw is due to input passed via the 'query' parameter to 'content_preset.php', which is not properly sanitised before using it.

e107 version 1.0.2, Other versions may also be affected.

Send a crafted string via HTTP GET request and check whether it is able to inject HTML code.

• http://osvdb.net/91981
• http://secunia.com/advisories/52858
• http://xforce.iss.net/xforce/xfdb/83210

---

Updated on 2015-03-25