CVE-2009-3444

EPSS 1.7%

Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header in a news.1 (aka news to email) action.

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/9825unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://osvdb.org/58363 http://secunia.com/advisories/36832 http://websecurity.com.ua/3528 http://www.securityfocus.com/archive/1/506704/100/0/threaded http://www.securityfocus.com/bid/36517 http://www.securitytracker.com/id?1022947