{"id":"CVE-2023-36121","details":"Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project.","modified":"2026-07-15T01:48:53.215533975Z","published":"2023-08-01T00:00:00Z","database_specific":{"cna_assigner":"mitre","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/36xxx/CVE-2023-36121.json"},"references":[{"type":"WEB","url":"https://github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/e107%20v2.3.2.md"},{"type":"WEB","url":"https://www.chtsecurity.com/news/0a4743a5-491e-4685-95ee-df8316ab5284"},{"type":"WEB","url":"https://www.chtsecurity.com/news/6c6675d4-3254-46ce-a16d-26523ff80540"},{"type":"WEB","url":"https://www.exploit-db.com/exploits/51449"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/36xxx/CVE-2023-36121.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36121"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/e107inc/e107","events":[{"introduced":"a6e1c0b897a3bf3f3e7bd6ea0382e2556e456379"},{"last_affected":"a6e1c0b897a3bf3f3e7bd6ea0382e2556e456379"}],"database_specific":{"extracted_events":[{"introduced":"2.3.2"},{"last_affected":"2.3.2"}],"source":"CPE_STRING","cpe":"cpe:2.3:a:e107:e107:2.3.2:*:*:*:*:*:*:*"}}],"versions":["2.3.2","v2.3.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-36121.json"}}],"schema_version":"1.7.5"}