WEB APPLICATION VULNERABILITIES Standard & Premium

e107 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-11734)

Description

In e107 v2.1.7, output without filtering results in XSS.

Remediation

References

Related Vulnerabilities

WordPress Plugin NextGEN Gallery-WordPress Gallery Local File Inclusion (2.1.7)

WordPress Plugin All-in-One WP Migration Arbitrary File Upload (7.40)

WordPress Plugin Safe Editor Unspecified Vulnerability (1.1)

WordPress Plugin WP Fastest Cache SQL Injection (0.8.4.8)

Apache HTTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-0455)

Severity

Medium

Classification

CVE-2018-11734 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Tags

Missing Update Known Vulnerabilities