Description
Cross-site request forgery (CSRF) vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the user_include parameter.