E107inc E107
4 CVEs affecting E107inc E107. Latest disclosed: 2026-05-26. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-43935 | High | 8.1 | 2026-05-26 | e107 is a content management system (CMS). Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows attackers to manipulate the… |
CVE-2026-46620 | Medium | 6.5 | 2026-05-26 | e107 is a content management system (CMS). Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem… |
CVE-2026-43934 | Medium | 6.5 | 2026-05-26 | e107 is a content management system (CMS). Prior to 2.3.4, a Broken Access Control vulnerability exists in the application, allowing an unauthorized authentica… |
CVE-2026-43936 | Medium | 4.3 | 2026-05-26 | e107 is a content management system (CMS). Prior to 2.3.4, you can access the local environment by specifying the URL of the local environment from "Image/File… |