Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4920

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-4920
Last Modified 11 Oct 2012 11:22:53
Published 04 Jan 2012 02:55:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-4920

Summary

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, and other versions before 1.0.0, allow remote attackers to inject arbitrary web script or HTML via the URL to (1) e107_images/thumb.php or (2) rate.php, (3) resend_name parameter to e107_admin/users.php, and (4) link BBCode in user signatures.

Vulnerable Systems

Application

  • E107 0.7.26


References

XF - e107inc-multiple-xss(72010)

SECUNIA - 46706

OSVDB - 78049

OSVDB - 78048

OSVDB - 78047

MLIST - [oss-security] 20120104 Re: CVE-request: Multiple e107 vulnerabilities

XF - e107inc-usersignatures-xss(72104)

BID - 51253


Last Updated: 27 May 2016 10:49:33