Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
e107 website system remote HTML injection vulnerability - exploit.company
header-logo
Suggest Exploit
vendor:
e107 website system
by:
5.5
CVSS
MEDIUM
HTML injection
79
CWE
Product Name: e107 website system
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

e107 website system remote HTML injection vulnerability

The e107 website system is prone to a remote HTML injection vulnerability. This vulnerability occurs when a user supplies malicious HTML or script code to the application using a URI parameter of the log.php script. The application fails to properly sanitize user-supplied input, allowing the injected HTML code to be stored and rendered in the browser of unsuspecting users when the log page of the affected site is viewed.

Mitigation:

To mitigate this vulnerability, it is recommended to properly sanitize user-supplied input before rendering it in the browser. Implementing input validation and output encoding techniques can help prevent HTML injection attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10395/info

It is reported that e107 website system is prone to a remote HTML injection vulnerability. This issue is due to a failure by the application to properly sanitize user-supplied input.

The problem presents itself when a user supplies malicious HTML or script code to the application using a URI parameter of the log.php script. The application stores the injected HTML code, which is then rendered in the browser of an unsuspecting user whenever the log page of the affected site is viewed.

http://www.example.com/e107_plugins/log/log.php?referer=code<br>goes<here>&color=24&eself=http://www.example.com/stats.php&res=1341X1341

Navigation

Suggest Exploit

Services By CQR