CVE-2022-50906
e107 CMS 3.2.1 is affected by an upload restriction bypass in the media manager that lets authenticated administrators upload SVG files containing stored XSS payloads. The root cause is bypassing upload restrictions, enabling SVGs with embedded scripts to execute when viewed. Impact is described ...