exploitDog

CVE-2022-50906

Опубликовано: 13 янв. 2026

Источник: nvd

CVSS3: 4.8

EPSS Низкий

Описание

e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload malicious SVG files through the media manager. Attackers with admin privileges can exploit this vulnerability to upload SVG files with embedded cross-site scripting (XSS) payloads that can execute arbitrary scripts when viewed.

Ссылки

https://e107.org/
Product
https://e107.org/download
Product
https://www.exploit-db.com/exploits/50910
Exploit
Third Party Advisory
VDB Entry
https://www.vulncheck.com/advisories/e-cms-admin-upload-restriction-bypass-stored-xss
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:e107:e107:3.2.1:*:*:*:*:*:*:*

EPSS

Процентиль: 15%

0.00049

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-h84q-rj7p-53m3

CVSS3: 6.4

github

25 дней назад

e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload malicious SVG files through the media manager. Attackers with admin privileges can exploit this vulnerability to upload SVG files with embedded cross-site scripting (XSS) payloads that can execute arbitrary scripts when viewed.

EPSS

Процентиль: 15%

0.00049

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-79