Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) submitnews.php, (2) usersettings.php; and (3) newpost.php, (4) banlist.php, (5) banner.php, (6) cpage.php, (7) download.php, (8) users_extended.php, (9) frontpage.php, (10) links.php, and (11) mailout.php in e107_admin/. NOTE: this may overlap CVE-2004-2040 and CVE-2006-4794, but there are insufficient details to be certain.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| E107 | E107 | <= 0.7.16 |
Related Weaknesses (CWE)
References
- http://blog.bkis.com/e107-multiple-vulnerabilities/
- http://www.securityfocus.com/archive/1/508007/100/0/threaded
- http://www.securityfocus.com/bid/37087
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54372
- http://blog.bkis.com/e107-multiple-vulnerabilities/
- http://www.securityfocus.com/archive/1/508007/100/0/threaded
- http://www.securityfocus.com/bid/37087
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54372
FAQ
What is CVE-2009-4083?
CVE-2009-4083 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) submitnews.php, (2) usersett...
How severe is CVE-2009-4083?
CVE-2009-4083 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-4083?
Check the references section above for vendor advisories and patch information. Affected products include: E107 E107.