Summary
This host is running e107 and is prone to remote Cross-Site Scripting vulnerability.
Impact
Attackers can exploit this issue to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to e107 version 0.7.22 or later,
For updates refer to http://e107.org/edownload.php
Insight
The flaw exists due to error in 'email.php' in 'news.1' action. It does not properly filter HTML code from user-supplied input in the HTTP 'Referer' header before displaying the input.
Affected
e107 version 0.7.16 and prior.
References
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2009-3444 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- An Image Gallery Directory Traversal Vulnerability
- Adobe JRun Management Console Multiple Vulnerabilities
- AdaptCMS 'init.php' Remote File Include Vulnerability
- Apache Rave User Information Disclosure Vulnerability
- Abtp Portal Project 'ABTPV_BLOQUE_CENT' Parameter Local and Remote File Include Vulnerabilities