CVE-2022-50906

MEDIUM

e107 CMS 3.2.1 - XSS

Title source: llm

Description

e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload malicious SVG files through the media manager. Attackers with admin privileges can exploit this vulnerability to upload SVG files with embedded cross-site scripting (XSS) payloads that can execute arbitrary scripts when viewed.

Exploits (1)

exploitdb WORKING POC

by Hubert Wojciechowski · textwebappsphp

https://www.exploit-db.com/exploits/50910

View Code ZIP pw:eip

References (4)

[Product] https://e107.org/

[Product] https://e107.org/download

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/50910

[Third Party Advisory] https://www.vulncheck.com/advisories/e-cms-admin-upload-restriction-bypass-stored-xss

Scores

CVSS v3 4.8

EPSS 0.0008

EPSS Percentile 24.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

e107/e107 3.2.1

e107/e107 CMS 3.2.1

Published Jan 13, 2026

Tracked Since Feb 18, 2026