e107 Website System User.PHP HTML Injection Vulnerability

It is reported that e107 website system is prone to a remote HTML injection vulnerability in user account profiles. This issue is due to a failure by the application to properly sanitize user-supplied input.

An attacker may exploit the aforementioned vulnerability to execute arbitrary script code in the browser of an unsuspecting user. It may be possible to steal the unsuspecting user's cookie-based authentication credentials, as well as other sensitive information. Other attacks may also be possible.


Privacy Statement
Copyright 2010, SecurityFocus