CVE-2022-50905
Multiple XSS Vulnerabilities in e107 CMS 3.2.1 Components

Publication date: 2026-01-13

Last updated on: 2026-01-13

Assigner: VulnCheck

Description
e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting (XSS) attacks. The first vulnerability is a reflected XSS that occurs in the news comment functionality when authenticated users interact with the comment form. An attacker can inject malicious JavaScript code through the URL parameter that gets executed when users click outside the comment field after typing content. The second vulnerability involves an upload restriction bypass for authenticated administrators, allowing them to upload SVG files containing malicious code through the media manager's remote URL upload feature. This results in stored XSS when the uploaded SVG files are accessed. These vulnerabilities were discovered by Hubert Wojciechowski and affect the news.php and image.php components of the CMS.
Meta Information
Published: 2026-01-13
Last Modified: 2026-01-13
Generated: 2026-05-07
AI Q&A: 2026-01-14
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
e107 e107 3.2.1
e107 e107 2.3.3
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2022-50905 in e107 CMS version 3.2.1 involves multiple security issues: 1) Reflected Cross-Site Scripting (XSS) in the news comment functionality where authenticated users can inject malicious JavaScript via a URL parameter that executes when interacting with the comment form. 2) Upload restriction bypass for authenticated administrators allowing them to upload SVG files containing malicious code through the media manager's remote URL upload feature, resulting in stored XSS when these files are accessed. Additionally, authenticated admins can upload and execute arbitrary PHP files and overwrite critical server files via directory traversal in the upload feature, leading to remote code execution and full server compromise. These vulnerabilities arise from insufficient input validation and improper file upload handling. [1, 4]


How can this vulnerability impact me?

This vulnerability can lead to several severe impacts: attackers can execute arbitrary JavaScript code in users' browsers via reflected and stored XSS, potentially stealing session data or performing actions on behalf of users. Authenticated administrators can exploit upload bypasses to upload malicious SVG or PHP files, enabling remote code execution on the server, overwriting critical files, and fully compromising the web application and underlying server. This can result in data theft, defacement, unauthorized access, and persistent compromise of the affected system. [1, 4]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection can involve monitoring for unusual GET or POST requests targeting the news comment form or the media manager upload endpoints. For example, inspect HTTP requests for URL parameters containing JavaScript event handlers (e.g., 'onchange') in comment submissions, and for POST requests that upload SVG or PHP files via the media manager. Commands such as curl or wget can be used to simulate these requests and help verify whether the vulnerability is present, for instance a GET request injecting 'onchange=alert(1)' in the comment form URL or a POST request uploading an SVG file to the image upload endpoint. Additionally, scanning web server logs for suspicious file uploads or directory traversal patterns (e.g., '../../../') in upload captions can help detect exploitation attempts. [1]
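
The log checks described above, as an added example that is not part of the original page or of e107's own code: it flags event-handler attributes in news.php URLs, SVG or PHP references in image.php requests, and traversal sequences, decoding percent-encoding twice first. The combined log format, the sample lines, the directory prefixes and the parameter names are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Request line of a combined-format access log entry (format is an assumption).
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# on<event>= attribute that is not itself a parameter name (online=1 is ignored).
EVENT_HANDLER = re.compile(r'(?<=[^&\w])on[a-z]{3,}\s*=', re.I)
# Two or more consecutive parent-directory steps, either slash style.
TRAVERSAL = re.compile(r'(?:\.\.[\\/]){2,}')
# SVG or PHP file named inside a parameter value.
RISKY_FILE = re.compile(r'\.(?:svg|php)\b', re.I)

# Constructed sample lines; paths and parameter names are hypothetical.
SAMPLE_LOG = [
    '203.0.113.5 - - [14/Jan/2026:10:00:01 +0000] "GET /cms/news.php?item=1 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [14/Jan/2026:10:02:11 +0000] "GET /cms/news.php?item=1%22onchange%3Dalert(1)%22 HTTP/1.1" 200 5300',
    '198.51.100.7 - - [14/Jan/2026:10:05:40 +0000] "POST /cms/admin/image.php?mode=main&url=http%3A%2F%2Fexample.test%2Fa.svg HTTP/1.1" 200 812',
    '198.51.100.7 - - [14/Jan/2026:10:06:02 +0000] "POST /cms/admin/image.php?caption=..%252f..%252f..%252findex HTTP/1.1" 200 640',
]

def decode(value, rounds=2):
    """Percent-decode up to `rounds` times to catch double encoding."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return a sorted list of findings for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return []
    path, _, query = m.group("target").partition("?")
    path, query = decode(path).lower(), decode(query)
    findings = set()
    if path.endswith("/news.php") and EVENT_HANDLER.search(query):
        findings.add("event-handler-in-news-url")
    if path.endswith("/image.php") and RISKY_FILE.search(query):
        findings.add("svg-or-php-reference-in-upload-request")
    if TRAVERSAL.search(query) or TRAVERSAL.search(path):
        findings.add("directory-traversal-sequence")
    return sorted(findings)

def scan(lines):
    """Map 1-based line numbers to findings, skipping clean lines."""
    return {n: f for n, line in enumerate(lines, 1) if (f := classify(line))}
```

Access logs record only the request line, so values sent in a POST body, such as an upload caption, need request-body logging or a WAF rule to inspect.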


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting authenticated user permissions to prevent unauthorized comment submissions and file uploads, especially limiting administrator access. Disable or restrict the media manager's remote URL upload feature to prevent upload of SVG or PHP files. Implement input validation and sanitization on URL parameters and uploaded files to block malicious scripts and directory traversal sequences. Additionally, monitor and audit file uploads and web server logs for suspicious activity. Applying patches or updates from the vendor addressing these vulnerabilities is also critical once available. [1, 4]

