Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:60721
HistoryApr 08, 2013 - 12:00 a.m.

e107 'content_preset.php'跨站脚本漏洞(CVE-2013-2750)

2013-04-0800:00:00
Root
www.seebug.org
12

EPSS

0.002

Percentile

56.2%

JSON

Bugtraq ID:58841
CVE ID:CVE-2013-2750

e107是一款内容管理系统。

e107没有正确过滤GET参数中"%00"组合"%0d%0a"的字符输入,允许远程攻击者利用漏洞进行跨站脚本攻击,可获得敏感信息或劫持用户会话。
0
e107 v1.0.2
厂商解决方案

e107 v1.0.3已经修复此漏洞,建议用户下载更新:
http://e107.org/


                                                http://[host]/e107_plugins/content/handlers/content_preset.php?
 %3c%00script%0d%0a>alert('reflexted%20XSS')</script>

Related

nessus 1
nvd 1
packetstorm 1
exploitdb 1
securityvulns 2
openvas 1
cvelist 1
prion 1
cve 1
nessus
nessus
e107 content_preset.php URI XSS
2013-05-13 00:00:00
nvd
nvd
CVE-2013-2750
2014-01-22 19:55:02
packetstorm
packetstorm
e107 CMS 1.0.2 Cross Site Scripting
2013-04-03 00:00:00
exploitdb
exploitdb
e107 - 'content_preset.php' Cross-Site Scripting
2013-04-03 00:00:00
securityvulns
securityvulns
TC-SA-2013-01: Reflected Cross-Site-Scripting (XSS) vulnerability in e107 CMS v1.0.2
2013-05-06 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2013-05-06 00:00:00
openvas
openvas
e107 query Cross Site Scripting Vulnerability
2014-01-28 00:00:00
cvelist
cvelist
CVE-2013-2750
2014-01-22 19:00:00
prion
prion
Cross site scripting
2014-01-22 19:55:00
cve
cve
CVE-2013-2750
2014-01-22 19:55:02

EPSS

0.002

Percentile

56.2%

JSON
Related for SSV:60721
nessus1nvd1packetstorm1exploitdb1securityvulns2openvas1cvelist1prion1cve1