Description

Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php in e107 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the e107_files/ file path in the QUERY_STRING.

Remediation

References

CVE-2015-1041

Related Vulnerabilities

WordPress Plugin Pinpoint Booking System-#1 WordPress Booking SQL Injection (2.9.9.2.8)

WordPress Plugin Survey Maker-Best WordPress Survey Cross-Site Scripting (3.1.3)

WordPress Plugin WP User Manager-User Profile Builder & Membership Security Bypass (2.6.2)

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-2854)

WordPress Plugin Pods-Custom Content Types and Fields Malicious Code (3.2.3)

Severity

Medium

Classification

CVE-2015-1041 CWE-707

Tags

Missing Update Known Vulnerabilities