E107 'Referer' Header Cross-Site Scripting Vulnerability Network Vulnerability

Summary

This host is running e107 and is prone to remote Cross-Site Scripting vulnerability.

Impact

Attackers can exploit this issue to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Upgrade to e107 version 0.7.22 or later, For updates refer to http://e107.org/edownload.php

Insight

The flaw exists due to error in 'email.php' in 'news.1' action. It does not properly filter HTML code from user-supplied input in the HTTP 'Referer' header before displaying the input.

Affected

e107 version 0.7.16 and prior.

References

http://secunia.com/advisories/36832/
http://websecurity.com.ua/3528/

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-3444

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Tomcat SecurityConstraints Security Bypass Vulnerability
Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
Apache Struts2 showcase namespace XSS Vulnerability
Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability
AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities

e107 'Referer' Header Cross-Site Scripting Vulnerability

Take action and discover your vulnerabilities