Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
e107 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2022-50906 - Vulnerability Database
e107

e107 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2022-50906

Medium
Reference: CVE-2022-50906
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2022-50906
Title: e107 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload malicious SVG files through the media manager. Attackers with admin privileges can exploit this vulnerability to upload SVG files with embedded cross-site scripting (XSS) payloads that can execute arbitrary scripts when viewed.