Cross-site scripting (XSS) vulnerability in e107 allows remote attackers to inject arbitrary script or HTML via the "login name/author" field in the (1) news submit or (2) article submit functions.
https://exchange.xforce.ibmcloud.com/vulnerabilities/16087
http://www.securityfocus.com/bid/10293