CVE-2009-4083

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) submitnews.php, (2) usersettings.php; and (3) newpost.php, (4) banlist.php, (5) banner.php, (6) cpage.php, (7) download.php, (8) users_extended.php, (9) frontpage.php, (10) links.php, and (11) mailout.php in e107_admin/.  NOTE: this may overlap CVE-2004-2040 and CVE-2006-4794, but there are insufficient details to be certain.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
VendorProductVersion
e107e107
𝑥
≤ 0.7.16
e107e107
0.6_10:_10
e107e107
0.6_11:_11
e107e107
0.6_12:_12
e107e107
0.6_13:_13
e107e107
0.6_14:_14
e107e107
0.6_15:_15
e107e107
0.6_15a:_15a
e107e107
0.7
e107e107
0.7.1
e107e107
0.7.2
e107e107
0.7.3
e107e107
0.7.4
e107e107
0.7.5
e107e107
0.7.6
e107e107
0.7.7
e107e107
0.7.8
e107e107
0.7.9
e107e107
0.7.10
e107e107
0.7.11
e107e107
0.7.12
e107e107
0.7.13
e107e107
0.7.14
e107e107
0.7.15
e107e107
0.545
e107e107
0.547_beta:_beta
e107e107
0.548_beta:_beta
e107e107
0.549_beta:_beta
e107e107
0.551_beta:_beta
e107e107
0.552_beta:_beta
e107e107
0.553_beta:_beta
e107e107
0.554
e107e107
0.554_beta:_beta
e107e107
0.555_beta:_beta
e107e107
0.600
e107e107
0.601
e107e107
0.602
e107e107
0.603
e107e107
0.604
e107e107
0.605
e107e107
0.606
e107e107
0.607
e107e107
0.608
e107e107
0.609
e107e107
0.610
e107e107
0.611
e107e107
0.612
e107e107
0.613
e107e107
0.614
e107e107
0.615
e107e107
0.615a:a
e107e107
0.616
e107e107
0.617
e107e107
0.6171
e107e107
0.6172
e107e107
0.6173
e107e107
0.6174
e107e107
0.6175
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://blog.bkis.com/e107-multiple-vulnerabilities/
http://www.securityfocus.com/archive/1/508007/100/0/threaded
http://www.securityfocus.com/bid/37087
https://exchange.xforce.ibmcloud.com/vulnerabilities/54372
http://blog.bkis.com/e107-multiple-vulnerabilities/
http://www.securityfocus.com/archive/1/508007/100/0/threaded
http://www.securityfocus.com/bid/37087
https://exchange.xforce.ibmcloud.com/vulnerabilities/54372