Description

Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header in a news.1 (aka news to email) action.

Remediation

References

CVE-2009-3444

Related Vulnerabilities

Oracle JRE CVE-2014-2420 Vulnerability (CVE-2014-2420)

WordPress Plugin MainWP Child Reports SQL Injection (2.0.7)

Oracle HTTP Server NULL Pointer Dereference Vulnerability (CVE-2020-1967)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-35480)

MySQL Other Vulnerability (CVE-2001-0407)

Severity

Medium

Classification

CVE-2009-3444 CWE-707

Tags

Missing Update Known Vulnerabilities