vendor: e107 website system
by:
CVSS: 5.5 MEDIUM
HTML injection
CWE: 79
Product Name: e107 website system
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

e107 website system remote HTML injection vulnerability

The e107 website system is prone to a remote HTML injection vulnerability. This vulnerability occurs when a user supplies malicious HTML or script code to the application using a URI parameter of the log.php script. The application fails to properly sanitize user-supplied input, allowing the injected HTML code to be stored and rendered in the browser of unsuspecting users when the log page of the affected site is viewed.

Mitigation:

To mitigate this vulnerability, it is recommended to properly sanitize user-supplied input before rendering it in the browser. Implementing input validation and output encoding techniques can help prevent HTML injection attacks.
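
The mitigation above, sketched as an added example in PHP (the language e107 is written in); it is not e107's code or a vendor patch. The function names and the length and format bounds are assumptions; the field names are the query parameters from the URL shown on this page.

```php
<?php
// Added example: hypothetical helpers, not e107 code. Field names are the
// query parameters in the URL shown on this page; the bounds are assumptions.

/** Input validation: return the cleaned fields, or null to drop the hit. */
function validate_log_params(array $q): ?array
{
    $out = [];
    foreach (['referer', 'eself'] as $k) {
        $v = $q[$k] ?? '';
        // Must be a string holding an absolute http(s) URL of bounded length.
        if (!is_string($v) || strlen($v) > 2048
            || filter_var($v, FILTER_VALIDATE_URL) === false
            || !in_array(strtolower((string)parse_url($v, PHP_URL_SCHEME)), ['http', 'https'], true)) {
            return null;
        }
        $out[$k] = $v;
    }
    $color = $q['color'] ?? '';
    $res   = $q['res'] ?? '';
    // Assumed shapes: a 1-2 digit number and WIDTHxHEIGHT.
    if (!is_string($color) || !is_string($res)
        || !preg_match('/^\d{1,2}\z/', $color)
        || !preg_match('/^\d{1,5}[xX]\d{1,5}\z/', $res)) {
        return null;
    }
    return $out + ['color' => $color, 'res' => $res];
}

/** Output encoding: every stored field is escaped when the log page is built. */
function render_log_row(array $row): string
{
    $e = fn($s) => htmlspecialchars((string)$s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $cells = array_map($e, [$row['referer'], $row['eself'], $row['color'], $row['res']]);
    return '<tr><td>' . implode('</td><td>', $cells) . "</td></tr>\n";
}

// Constructed inputs: the request from this page, and a benign variant of it.
$fromPage = ['referer' => 'code<br>goes<here>', 'color' => '24',
             'eself' => 'http://www.example.com/stats.php', 'res' => '1341X1341'];
$benign   = ['referer' => 'http://www.example.com/index.php'] + $fromPage;

foreach (['from page' => $fromPage, 'benign' => $benign] as $label => $q) {
    $clean = validate_log_params($q);
    echo $label, ': ', $clean === null ? "rejected\n" : render_log_row($clean);
}
// Output encoding is the control that matters: rows stored before validation
// existed, and URLs that pass FILTER_VALIDATE_URL with markup in the path or
// query, both render as inert text.
echo render_log_row($fromPage);
```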
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10395/info

It is reported that e107 website system is prone to a remote HTML injection vulnerability. This issue is due to a failure by the application to properly sanitize user-supplied input.

The problem presents itself when a user supplies malicious HTML or script code to the application using a URI parameter of the log.php script. The application stores the injected HTML code, which is then rendered in the browser of an unsuspecting user whenever the log page of the affected site is viewed.

http://www.example.com/e107_plugins/log/log.php?referer=code<br>goes<here>&color=24&eself=http://www.example.com/stats.php&res=1341X1341