Ahmet Agar

**Name of the Vulnerable Software and Affected Versions** e107 version 2.0.0 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `Real Name` value in the usersettings.php file. **Recommendations** For e107 version 2.0.0, update the usersettings.php file to properly sanitize the `Real Name` value to prevent XSS attacks. As a temporary workaround, consider restricting access to the usersettings.php file until a patch is available.