CVE-2004-2040
Published: 2004-05-29
Priority: P421 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 5.14% (91.4th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the (1) LAN_407 parameter to clock_menu.php, (2) "email article to a friend" field, (3) "submit news" field, or (4) avmsg parameter to usersettings.php.
Affected
58 ranges · showing 25 (the 24 other listed rows carry no version range or fixed version)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| e107 | e107 | <= 0.7.16 | — |
GHSA
GHSA-j2cx-qr4m-453j: Multiple cross-site scripting (XSS) vulnerabilities in e107 0
ghsa_unreviewed·2022-05-02·CVSS 4.3
CVE-2009-4083 [MEDIUM] CWE-79 GHSA-j2cx-qr4m-453j: Multiple cross-site scripting (XSS) vulnerabilities in e107 0
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) submitnews.php, (2) usersettings.php; and (3) newpost.php, (4) banlist.php, (5) banner.php, (6) cpage.php, (7) download.php, (8) users_extended.php, (9) frontpage.php, (10) links.php, and (11) mailout.php in e107_admin/. NOTE: this may overlap CVE-2004-2040 and CVE-2006-4794, but there are insufficient details to be certain.
GHSA
GHSA-5c66-f238-vw8j: Multiple cross-site scripting (XSS) vulnerabilities in e107 0
ghsa_unreviewed·2022-04-29
CVE-2004-2040 [MEDIUM] GHSA-5c66-f238-vw8j: Multiple cross-site scripting (XSS) vulnerabilities in e107 0
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the (1) LAN_407 parameter to clock_menu.php, (2) "email article to a friend" field, (3) "submit news" field, or (4) avmsg parameter to usersettings.php.
No detection rules found.
Exploit-DB
e107 website system 0.6 - 'email article to a friend' Feature Cross-Site Scripting
exploitdb·2004-05-29
CVE-2004-2040 e107 website system 0.6 - 'email article to a friend' Feature Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/10436/info
e107 is prone to multiple cross-site scripting, HTML injection, file inclusion, and SQL injection vulnerabilities. This may compromise various security properties of a Web site running the software, including allowing remote attackers to execute malicious PHP code.
- HTML injection in the "email article to a friend" and "submit news" pages:
foobar'>
Exploit-DB
e107 website system 0.6 - 'usersettings.php?avmsg' Cross-Site Scripting
exploitdb·2004-05-29
CVE-2004-2040 e107 website system 0.6 - 'usersettings.php?avmsg' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/10436/info
e107 is prone to multiple cross-site scripting, HTML injection, file inclusion, and SQL injection vulnerabilities. This may compromise various security properties of a Web site running the software, including allowing remote attackers to execute malicious PHP code.
http://www.example.com/e107_0615/usersettings.php?avmsg=[xss code here]
No writeups or analysis indexed.
- http://marc.info/?l=bugtraq&m=108588043007224&w=2
- http://marc.info/?l=full-disclosure&m=108586723116427&w=2
- http://secunia.com/advisories/11740
- http://www.osvdb.org/6526
- http://www.osvdb.org/6527
- http://www.osvdb.org/6528
- http://www.osvdb.org/6529
- http://www.securityfocus.com/bid/10436
- http://www.waraxe.us/index.php?modname=sa&id=31
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16279
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16280
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16281