Affected Versions: e107.org e107 website system 0.7.16
Vulnerability Description: bugtraq id: 36517
e107 is a content management system written in PHP.
The page http://site/email.php?news.1 does not properly filter the Referer header. A remote attacker can carry out a cross-site scripting attack by submitting a malicious HTTP request to this page, resulting in execution of arbitrary HTML and script code in the user's browser session.
Reference:
MustLive (mustlive@websecurity.com.ua)
Link: http://secunia.com/advisories/36832/
http://marc.info/?l=bugtraq&m=125381322431826&w=2

Test method:
The programs (methods) provided on this site may be offensive and are to be used only for security research and teaching. Use them at your own risk!
Referer: "><script>alert(document.cookie)</script>
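As an added illustration (not e107's code, which this advisory does not show), the coding pattern that produces this class of bug is shown beside a hardened replacement; the function names and the site host name `site` are assumptions:

```php
<?php
// Added illustration, not e107's own code. Function names are hypothetical.
declare(strict_types=1);

// Vulnerable pattern: the raw Referer header is written into an HTML attribute.
// The advisory's test value  "><script>alert(document.cookie)</script>  closes the
// attribute and the tag, so the script runs in the visiting user's browser.
function render_back_link_unsafe(string $referer): string
{
    return '<a href="' . $referer . '">Back</a>';
}

// Hardened pattern: accept only an http(s) URL whose host is the site's own host,
// and HTML-escape it for the attribute context; anything else gets a fixed fallback.
function render_back_link_safe(?string $referer, string $ownHost): string
{
    $fallback = '<a href="/">Back</a>';
    if ($referer === null || $referer === '') {
        return $fallback;
    }
    $parts = parse_url($referer);
    if ($parts === false
        || !isset($parts['scheme'], $parts['host'])
        || !in_array(strtolower($parts['scheme']), ['http', 'https'], true)
        || strcasecmp($parts['host'], $ownHost) !== 0) {
        return $fallback; // foreign or malformed Referer: never reflect it
    }
    $escaped = htmlspecialchars($referer, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<a href="' . $escaped . '">Back</a>';
}

// Demonstration with a constructed request value; in a real page the header
// arrives as $_SERVER['HTTP_REFERER'].
$payload = '"><script>alert(document.cookie)</script>';
echo render_back_link_unsafe($payload), PHP_EOL;                        // script tag survives
echo render_back_link_safe($payload, 'site'), PHP_EOL;                  // fallback link
echo render_back_link_safe('http://site/news.php?item=1', 'site'), PHP_EOL; // escaped link
```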
Rootkitsblog security suggestion:
Vendor patch:
e107.org
--------
Currently, the vendor has not provided a patch or upgrade. We recommend that users of this software follow the vendor's homepage to obtain the latest version: