CVE-2009-4083 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) submitnews.php (2) usersettings.php; and (3) newpost.php (4) banlist.php (5) banner.php (6) cpage.php (7) download.php (8) users_extended.php (9) frontpage.php (10) links.php and (11) mailout.php in e107_admin/. NOTE: this may overlap CVE-2004-2040 and CVE-2006-4794 but there are insufficient details to be certain.

Reference

http://blog.bkis.com/e107-multiple-vulnerabilities/ http://www.securityfocus.com/archive/1/508007/100/0/threaded http://www.securityfocus.com/bid/37087 https://exchange.xforce.ibmcloud.com/vulnerabilities/54372