CVE-2021-44911

Name of the Vulnerable Software and Affected Versions XE versions prior to 1.11.6

Description The issue allows for unrestricted file upload via the modules/menu/menu.admin.controller.php module. When uploading the Mouse over button and the When selected button, there is no restriction on the file suffix, which leads to any file being uploaded to the files directory. Since .htaccess only restricts the PHP type, uploading HTML-type files leads to stored XSS vulnerabilities.

Recommendations For versions prior to 1.11.6, update to version 1.11.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the modules/menu/menu.admin.controller.php module until a patch is available. Avoid using the file upload feature in the Mouse over button and the When selected button until the issue is resolved.