Description

Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote attackers to inject arbitrary web script or HTML via the "Real Name" value.

Remediation

References

CVE-2015-1057

Related Vulnerabilities

Microsoft SQL Server Other Vulnerability (CVE-2000-0603)

Apache Tomcat Credentials Management Errors Vulnerability (CVE-2009-3548)

IBM WebSEAL Inadequate Encryption Strength Vulnerability (CVE-2019-4151)

GlassFish Use of Hard-coded Credentials Vulnerability (CVE-2018-14324)

Oracle JRE CVE-2014-2402 Vulnerability (CVE-2014-2402)

Severity

Medium

Classification

CVE-2015-1057 CWE-707

Tags

Missing Update Known Vulnerabilities