CVE-2022-50905

CRITICAL

e107 CMS 3.2.1 - Authenticated Reflected Cross-Site Scripting via News Comment URL Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-50905. PoCs published by Hubert Wojciechowski.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in e107 CMS v3.2.1, including reflected XSS, stored XSS via SVG upload, RCE through PHP file upload, and server file override. The PoC includes detailed HTTP requests and responses for each vulnerability.

Description

e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting (XSS) attacks. The first vulnerability is a reflected XSS that occurs in the news comment functionality when authenticated users interact with the comment form. An attacker can inject malicious JavaScript code through the URL parameter that gets executed when users click outside the comment field after typing content. The second vulnerability involves an upload restriction bypass for authenticated administrators, allowing them to upload SVG files containing malicious code through the media manager's remote URL upload feature. This results in stored XSS when the uploaded SVG files are accessed. These vulnerabilities were discovered by Hubert Wojciechowski and affect the news.php and image.php components of the CMS.

Exploits (1)

exploitdb WORKING POC

by Hubert Wojciechowski · textwebappsphp

https://www.exploit-db.com/exploits/50910

View Code ZIP pw:eip

This exploit demonstrates multiple vulnerabilities in e107 CMS v3.2.1, including reflected XSS, stored XSS via SVG upload, RCE through PHP file upload, and server file override. The PoC includes detailed HTTP requests and responses for each vulnerability.

Classification

Working Poc 95%

Attack Type

Xss | Rce | Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: e107 CMS v3.2.1

Auth required

Prerequisites: Authenticated user access · Admin privileges for file upload exploits

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory, VDB Entry exploit

https://www.exploit-db.com/exploits/50910

Product product

https://e107.org/

Product product

https://e107.org/download

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/e-cms-reflected-xss-via-comment-flow

Scores

CVSS v3 9.8

EPSS 0.0057

EPSS Percentile 42.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (2)

e107/e107 3.2.1

e107/e107 CMS 3.2.1

Published Jan 13, 2026

Tracked Since Feb 18, 2026