e107 Website System Log.PHP HTML Injection Vulnerability

info
discussion
exploit
solution
references

e107 Website System Log.PHP HTML Injection Vulnerability

There is no exploit required; however the following example is available:

http://www.example.com/e107_plugins/log/log.php?referer=code<br>goes<here>&color=24&eself=http://www.example.com/stats.php&res=1341X1341