CVE-2015-1041
CVE-2015-1041 Affect: e107 CMS, version 1.0.4. Issue: Cross-site scripting (XSS) in e107_admin/filemanager.php allows remote attackers to inject arbitrary web script/HTML via the e107_files/ path in the QUERY_STRING. Root cause: insufficient input validation/escaping of the file path parameter. I...