Search
Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-36121 | 1 E107 | 1 E107 | 2023-08-05 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project. | |||||
| CVE-2018-11734 | 1 E107 | 1 E107 | 2019-07-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| In e107 v2.1.7, output without filtering results in XSS. | |||||
| CVE-2018-17423 | 1 E107 | 1 E107 | 2019-06-20 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in e107 v2.1.9. There is a XSS attack on e107_admin/comment.php. | |||||
| CVE-2018-17081 | 1 E107 | 1 E107 | 2018-11-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page. | |||||
| CVE-2018-16389 | 1 E107 | 1 E107 | 2018-11-02 | 5.5 MEDIUM | 6.5 MEDIUM |
| e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter. | |||||
| CVE-2018-16381 | 1 E107 | 1 E107 | 2018-10-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter. | |||||
| CVE-2018-11127 | 1 E107 | 1 E107 | 2018-06-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| e107 2.1.7 has CSRF resulting in arbitrary user deletion. | |||||
| CVE-2017-8098 | 1 E107 | 1 E107 | 2017-04-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A malicious web page can use forged requests to make e107 download and install a plug-in provided by the attacker. | |||||