CVE-2015-1041

Name of the Vulnerable Software and Affected Versions e107 version 1.0.4

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the e107 files/ file path in the QUERY STRING. This could potentially lead to unauthorized actions on the affected system.

Recommendations For version 1.0.4, consider restricting access to the e107 admin/filemanager.php file until a patch is available. As a temporary workaround, avoid using the e107 files/ file path in the QUERY STRING to minimize the risk of exploitation.