e107-xss.txt

Posted on 25 September 2009

Hello Bugtraq! I want to warn you about Cross-Site Scripting vulnerability in E107. Which I found at 31.01.2009 and disclosed recently. XSS: At page for sending news to email (http://site/email.php?news.1) it's possible to conduct XSS attack via Referer header. Particularly it can be done via flash. Referer: '><script>alert(document.cookie)</script> Vulnerable are E107 0.7.16 and previous versions (all versions). I mentioned about this vulnerability at my site (http://websecurity.com.ua/3528/). Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua

TOP

Malware :

HackTool:Win64/ProcHack
Trojan:Win64/SvcMiner.A
HackTool:Win64/Reflectivensa.gen!A
Trojan:Win64/CoinMiner
Backdoor:Win64/Diovule.A

Last 20

Exploits :

Customer Support System 1.0 Cross Site Scripting
Xhibiter NFT Marketplace 1.10.2 SQL Injection
WordPress WPCode Lite 2.1.14 Cross Site Scripting
Azon Dominator Affiliate Marketing Script SQL Injection
Simple Laboratory Management System 1.0 SQL Injection

Last 20