Skip to main content

E107 CVE-2023-36121

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2023-08-02 cve@mitre.org
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 02, 2023 - 00:15 nvd
MEDIUM 5.4

DescriptionNVD

Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project.

AnalysisAI

Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project. Affected products include: E107.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

More in E107

View all
CVE-2022-50905 CRITICAL POC
9.8 Jan 13

e107 CMS 3.2.1 has multiple XSS vulnerabilities in news comments that allow executing arbitrary JavaScript. Rated CVSS 9

CVE-2021-27885 HIGH POC
8.8 Mar 02

usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism. Rated high severity (CVSS 8.8), thi

CVE-2018-15901 HIGH POC
8.8 Aug 28

e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including admini

CVE-2022-50939 HIGH POC
7.2 Jan 13

e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to overrid

CVE-2016-10378 HIGH POC
7.2 May 29

e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.ph

CVE-2022-50907 HIGH POC
7.2 Jan 13

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrative users to bypass upl

CVE-2022-50916 HIGH POC
7.2 Jan 13

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators to override server

CVE-2018-16388 HIGH POC
7.2 Sep 12

e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php

CVE-2012-6433 MEDIUM POC
6.8 Jan 03

Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remote attackers to hija

CVE-2012-6434 MEDIUM POC
6.8 Jan 03

Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2 allow remote attacke

CVE-2018-16381 MEDIUM POC
6.1 Sep 05

e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter. Rated medium severity (C

CVE-2015-1057 MEDIUM POC
4.3 Jan 16

Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote attackers to inject arbitrary w

Share

CVE-2023-36121 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy