XSS Vulnerability in e107 Content Management System
CVE-2018-17423

4.8MEDIUM

Key Information:

Vendor

E107

Status
E107
Vendor
CVE Published:
19 June 2019

What is CVE-2018-17423?

An issue has been identified in e107 version 2.1.9 that allows for a Cross-Site Scripting (XSS) attack via the comment.php page within the admin interface. This flaw can enable an attacker to inject malicious scripts, which could compromise the integrity of user data and lead to unauthorized access to sensitive information. Users and administrators of e107 are advised to implement necessary security measures to protect their systems and data from exploitation. For further details and discussions regarding this issue, visit the project's GitHub issues page and the PoC link.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/e107inc/e107/issues/3414
x_refsource_MISC
https://github.com/Kiss-sh0t/e107_v2.1.9_XSS_poc
x_refsource_MISC

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.