CVE-2004-2040 | Vulnerability Database | Aqua Security

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the (1) LAN_407 parameter to clock_menu.php, (2) email article to a friend field, (3) submit news field, or (4) avmsg parameter to usersettings.php.

Affected Software

Name	Vendor	Start Version	End Version
E107	E107	0.6_15 (including)	0.6_15 (including)
E107	E107	0.6_15a (including)	0.6_15a (including)

References

http://marc.info/?l=bugtraq\u0026m=108588043007224\u0026w=2
http://marc.info/?l=full-disclosure\u0026m=108586723116427\u0026w=2
http://secunia.com/advisories/11740
http://www.osvdb.org/6526
http://www.osvdb.org/6527
http://www.osvdb.org/6528
http://www.osvdb.org/6529
http://www.securityfocus.com/bid/10436
http://www.waraxe.us/index.php?modname=sa\u0026id=31
https://exchange.xforce.ibmcloud.com/vulnerabilities/16279
https://exchange.xforce.ibmcloud.com/vulnerabilities/16280
https://exchange.xforce.ibmcloud.com/vulnerabilities/16281

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-2040
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html