Description
Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header in a news.1 (aka news to email) action.
Remediation
References
Related Vulnerabilities
Dolibarr Missing Authorization Vulnerability (CVE-2018-10092)
WordPress Plugin Coming Soon/Maintenance mode Ready! Cross-Site Request Forgery (0.5.0)
WordPress Plugin TheCartPress eCommerce Shopping Cart Multiple Vulnerabilities (1.3.9)
WordPress Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (1.2.1 - 1.2.2)
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-14893)