[] NeoSense
E X P L O I T S
title author type platform port cve id

e107 website system 0.6 - 'email article to a friend' Feature Cross-Site Scripting

Author: Janek Vind
type: webapps
platform: php
port: nan
date_added: 2004-05-29 
date_updated: 2013-01-15 
verified: 1 
codes: CVE-2004-2040;OSVDB-6527 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/10436/info

e107 is prone to multiple cross-site scripting, HTML injection, file inclusion, and SQL injection vulnerabilities. This may compromise various security properties of a Web site running the software, including allowing remote attackers to execute malicious PHP code.

- HTML injection in the "email article to a friend" and "submit news" pages.:

foobar'><body onload=alert(document.cookie);>
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.