QwikSec

Security Database

CVE

CWE

Training

CVE-2010-4757

Published: Mar 15, 2011

Modified: Aug 7, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in submitnews.php in e107 before 0.7.23 allows remote attackers to inject arbitrary web script or HTML via the submitnews_title parameter, a different vector than CVE-2008-6208. NOTE: some of these details are obtained from third party information. NOTE: this might be the same as CVE-2009-4083.1 or CVE-2011-0457.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.madirish.net/?article=471

x_refsource_MISC

e107-submitnewstitle-xss(61331)

vdb-entry

x_refsource_XF

http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/newspost.php?r1=11655&r2=11654&pathrev=11655

x_refsource_CONFIRM

http://e107.org/svn_changelog.php?version=0.7.23

x_refsource_CONFIRM

http://e107.org/comment.php?comment.news.872

x_refsource_CONFIRM

vdb-entry

x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.