CVE-2004-2040

Name of the Vulnerable Software and Affected Versions e107 version 0.615

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved through various means, including the LAN 407 parameter to clock menu.php, the "email article to a friend" field, the "submit news" field, or the avmsg parameter to usersettings.php.

Recommendations For e107 version 0.615, consider restricting access to the clock menu.php and usersettings.php scripts until a patch is available. As a temporary workaround, avoid using the LAN 407 and avmsg parameters in the respective scripts. Additionally, restrict input in the "email article to a friend" and "submit news" fields to minimize the risk of exploitation.