This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.
A PHP script on the remote web server is affected by a cross-site
The version of e107 on the remote host is affected by a cross-site
scripting vulnerability because the 'submitnews.php' script fails to
properly sanitize user-supplied input. A remote attacker can exploit
this by tricking a user into making a specially crafted POST request.
There are reportedly several other cross-site scripting and SQL
injection vulnerabilities in this version of e107, though Nessus has
not checked for them.
See also :
There is no known solution at this time.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 4.1
Public Exploit Available : true