4.3

CVE-2011-0457

Cross-site scripting (XSS) vulnerability in e107 0.7.22 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Data is provided by the National Vulnerability Database (NVD)
E107E107 Version <= 0.7.22
E107E107 Version0.6_10
E107E107 Version0.6_11
E107E107 Version0.6_12
E107E107 Version0.6_13
E107E107 Version0.6_14
E107E107 Version0.6_15
E107E107 Version0.6_15a
E107E107 Version0.7
E107E107 Version0.7.0
E107E107 Version0.7.1
E107E107 Version0.7.2
E107E107 Version0.7.3
E107E107 Version0.7.4
E107E107 Version0.7.5
E107E107 Version0.7.6
E107E107 Version0.7.7
E107E107 Version0.7.8
E107E107 Version0.7.9
E107E107 Version0.7.10
E107E107 Version0.7.11
E107E107 Version0.7.12
E107E107 Version0.7.13
E107E107 Version0.7.14
E107E107 Version0.7.15
E107E107 Version0.7.16
E107E107 Version0.7.17
E107E107 Version0.7.18
E107E107 Version0.7.19
E107E107 Version0.7.20
E107E107 Version0.7.21
E107E107 Version0.545
E107E107 Version0.547 Updatebeta
E107E107 Version0.548 Updatebeta
E107E107 Version0.549 Updatebeta
E107E107 Version0.551 Updatebeta
E107E107 Version0.552 Updatebeta
E107E107 Version0.553 Updatebeta
E107E107 Version0.554
E107E107 Version0.554 Updatebeta
E107E107 Version0.555 Updatebeta
E107E107 Version0.600
E107E107 Version0.601
E107E107 Version0.602
E107E107 Version0.603
E107E107 Version0.604
E107E107 Version0.605
E107E107 Version0.606
E107E107 Version0.607
E107E107 Version0.608
E107E107 Version0.609
E107E107 Version0.610
E107E107 Version0.611
E107E107 Version0.612
E107E107 Version0.613
E107E107 Version0.614
E107E107 Version0.615
E107E107 Version0.615a
E107E107 Version0.616
E107E107 Version0.617
E107E107 Version0.6171
E107E107 Version0.6172
E107E107 Version0.6173
E107E107 Version0.6174
E107E107 Version0.6175
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.25% 0.459
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.