CVE-2014-4734

Name of the Vulnerable Software and Affected Versions e107 versions 2.0 alpha2 and earlier

Description The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the type parameter in the /e107 admin/db.php endpoint.

Recommendations For versions 2.0 alpha2 and earlier, avoid using the type parameter in the vulnerable endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the /e107 admin/db.php endpoint to minimize the risk of exploitation.