e107 'content_manager.php' HTML Injection Vulnerability
BID:39539
Info
| Bugtraq ID: | 39539 |
| Class: | Input Validation Error |
| CVE: | CVE-2010-0997 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 15 2010 12:00AM |
| Updated: | Apr 19 2010 05:32PM |
| Credit: | Secunia Research |
| Vulnerable: | e107 0.7.19, 0.7.18, 0.7.17, 0.7.16, 0.7.15, 0.7.13, 0.7.8, 0.7.5 |
| Not Vulnerable: | e107 0.7.20 |
Discussion
e107 is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data.
Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing an attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
Versions prior to e107 0.7.20 are vulnerable.
Exploit / POC
Attackers can use a browser to exploit this issue.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References: