e107 content_preset.php URI XSS
Medium Nessus Plugin ID 66395
SynopsisThe remote web server hosts a PHP script that is affected by a cross-site scripting vulnerability.
DescriptionThe version of e107 installed on the remote host is affected by a cross-site scripting vulnerability because it fails to properly sanitize user input passed in the URI to the 'content_preset.php' script. An attacker may be able to leverage this to inject arbitrary HTML and script code into a user's browser to be executed within the security context of the affected site.
SolutionUpgrade to version 1.0.3 or later.