cpe:/a:e107:e107:0.7 cpe:/a:e107:e107:0.7.0 cpe:/a:e107:e107:0.7.1 cpe:/a:e107:e107:0.7.2 cpe:/a:e107:e107:0.7.3 cpe:/a:e107:e107:0.7.4 cpe:/a:e107:e107:0.7.5 cpe:/a:e107:e107:0.7.6 cpe:/a:e107:e107:0.7.7 cpe:/a:e107:e107:0.7.8 cpe:/a:e107:e107:0.7.9 cpe:/a:e107:e107:0.7.10 cpe:/a:e107:e107:0.7.11 cpe:/a:e107:e107:0.7.12 cpe:/a:e107:e107:0.7.13 cpe:/a:e107:e107:0.7.14 cpe:/a:e107:e107:0.7.15 cpe:/a:e107:e107:0.7.16 cpe:/a:e107:e107:0.7.17 cpe:/a:e107:e107:0.7.18 cpe:/a:e107:e107:0.7.19 cpe:/a:e107:e107:0.7.20 cpe:/a:e107:e107:0.7.21 cpe:/a:e107:e107:0.7.22 cpe:/a:e107:e107:0.7.24 CVE-2011-4947 2012-08-31T18:55:01.263-04:00 2017-08-28T21:30:38.350-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2012-09-03T14:15:00.000-04:00 MLIST [oss-security] 20120328 CVE-request: e107 HTB23004 MLIST [oss-security] 20120328 Re: CVE-request: e107 HTB23004 XF e107-usersextended-xss(68062) CONFIRM http://e107.org/svn_changelog.php?version=0.7.26 CONFIRM http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/users_extended.php?r1=12225&r2=12306 MISC https://www.htbridge.com/advisory/multiple_vulnerabilities_in_e107_1.html Cross-site request forgery (CSRF) vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the user_include parameter.