CVE-2022-50906
Unknown Unknown - Not Provided
Upload Restriction Bypass in e107 CMS 3.2.1 Enables XSS

Publication date: 2026-01-13

Last updated on: 2026-01-13

Assigner: VulnCheck

Description
e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload malicious SVG files through the media manager. Attackers with admin privileges can exploit this vulnerability to upload SVG files with embedded cross-site scripting (XSS) payloads that can execute arbitrary scripts when viewed.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-13
Last Modified
2026-01-13
Generated
2026-06-16
AI Q&A
2026-01-14
EPSS Evaluated
2026-06-14
NVD
CVE-2022-50906
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
e107 e107 3.2.1
e107 e107 2.3.3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2022-50906 is a vulnerability in e107 CMS version 3.2.1 where authenticated administrators can bypass upload restrictions in the media manager to upload malicious SVG files. These SVG files contain embedded cross-site scripting (XSS) payloads that execute arbitrary scripts when viewed, potentially allowing attackers to run malicious code in the context of the application. [4]

Impact Analysis

This vulnerability allows attackers with administrator privileges to upload SVG files containing malicious scripts that execute when viewed, leading to stored cross-site scripting (XSS) attacks. This can result in arbitrary script execution, which may compromise user sessions, steal sensitive information, or perform actions on behalf of users. However, exploitation requires admin access and user interaction, and the impact on confidentiality, integrity, and availability is considered low. [4]

Detection Guidance

Detection can involve monitoring for uploads of SVG files through the media manager by authenticated administrators, especially those containing embedded scripts. One approach is to inspect uploaded SVG files for suspicious embedded JavaScript or event handlers. Commands to detect such files could include searching the upload directories for SVG files and scanning their contents for script tags or event attributes. For example, on a Linux server, you might use: 1) Find SVG files: `find /path/to/uploads -name '*.svg'` 2) Search for script tags or event handlers inside SVG files: `grep -i -E '<script|onload|onerror|onchange|onclick' /path/to/uploads/*.svg` Additionally, reviewing web server logs for POST requests to the media manager upload endpoint by admin users may help detect exploitation attempts. However, no specific commands or detection scripts are provided in the resources. [1, 4]

Mitigation Strategies

Immediate mitigation steps include restricting or disabling SVG file uploads through the media manager for administrators until a patch is applied. Administrators should validate and sanitize uploaded SVG files to remove any embedded scripts or event handlers. Applying the latest security updates or patches from the e107 CMS project is recommended once available. Additionally, monitoring and auditing administrator activities related to file uploads can help detect exploitation attempts. Limiting administrator privileges and ensuring strong authentication can reduce risk. Since the vulnerability requires authenticated admin access, controlling and monitoring admin accounts is critical. [4]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50906. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart