PT-2026-2382 · E107 Cms · E107 Cms

Hubert Wojciechowski · Published 2026-01-13 · Updated 2026-01-15 · CVE-2022-50906

CVSS v3.1: 4.8 Medium

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

e107 CMS version 3.2.1

Description

An authenticated administrator can bypass upload restrictions in e107 CMS. This allows the upload of malicious SVG files through the media manager. Successful exploitation enables attackers to upload SVG files containing cross-site scripting (XSS) payloads. When viewed, these payloads can execute arbitrary scripts. The vulnerable functionality is related to file uploads via the media manager.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-50906

Affected Products

E107 Cms