FKIE_CVE-2022-50905

Vulnerability from fkie_nvd - Published: 2026-01-13 23:15 - Updated: 2026-01-21 15:16
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting (XSS) attacks. The first vulnerability is a reflected XSS that occurs in the news comment functionality when authenticated users interact with the comment form. An attacker can inject malicious JavaScript code through the URL parameter that gets executed when users click outside the comment field after typing content. The second vulnerability involves an upload restriction bypass for authenticated administrators, allowing them to upload SVG files containing malicious code through the media manager's remote URL upload feature. This results in stored XSS when the uploaded SVG files are accessed. These vulnerabilities were discovered by Hubert Wojciechowski and affect the news.php and image.php components of the CMS.
References
disclosure@vulncheck.comhttps://e107.org/Product
disclosure@vulncheck.comhttps://e107.org/downloadProduct
disclosure@vulncheck.comhttps://www.exploit-db.com/exploits/50910Exploit, Third Party Advisory, VDB Entry
disclosure@vulncheck.comhttps://www.vulncheck.com/advisories/e-cms-reflected-xss-via-comment-flowThird Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0https://www.exploit-db.com/exploits/50910Exploit, Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
e107 e107 3.2.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:e107:e107:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1CF95DE-65CF-490D-9817-616CF704B16B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting (XSS) attacks. The first vulnerability is a reflected XSS that occurs in the news comment functionality when authenticated users interact with the comment form. An attacker can inject malicious JavaScript code through the URL parameter that gets executed when users click outside the comment field after typing content. The second vulnerability involves an upload restriction bypass for authenticated administrators, allowing them to upload SVG files containing malicious code through the media manager\u0027s remote URL upload feature. This results in stored XSS when the uploaded SVG files are accessed. These vulnerabilities were discovered by Hubert Wojciechowski and affect the news.php and image.php components of the CMS."
    },
    {
      "lang": "es",
      "value": "La versi\u00f3n 3.2.1 de e107 CMS contiene m\u00faltiples vulnerabilidades que permiten ataques de cross-site scripting (XSS). La primera vulnerabilidad es un XSS reflejado que ocurre en la funcionalidad de comentarios de noticias cuando usuarios autenticados interact\u00faan con el formulario de comentarios. Un atacante puede inyectar c\u00f3digo JavaScript malicioso a trav\u00e9s del par\u00e1metro de URL que se ejecuta cuando los usuarios hacen clic fuera del campo de comentario despu\u00e9s de escribir contenido. La segunda vulnerabilidad implica una omisi\u00f3n de restricci\u00f3n de carga para administradores autenticados, permiti\u00e9ndoles cargar archivos SVG que contienen c\u00f3digo malicioso a trav\u00e9s de la funci\u00f3n de carga de URL remota del gestor de medios. Esto resulta en un XSS almacenado cuando se accede a los archivos SVG cargados. Estas vulnerabilidades fueron descubiertas por Hubert Wojciechowski y afectan a los componentes news.PHP e image.PHP del CMS."
    }
  ],
  "id": "CVE-2022-50905",
  "lastModified": "2026-01-21T15:16:05.383",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "disclosure@vulncheck.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2026-01-13T23:15:53.083",
  "references": [
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Product"
      ],
      "url": "https://e107.org/"
    },
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Product"
      ],
      "url": "https://e107.org/download"
    },
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/50910"
    },
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.vulncheck.com/advisories/e-cms-reflected-xss-via-comment-flow"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/50910"
    }
  ],
  "sourceIdentifier": "disclosure@vulncheck.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "disclosure@vulncheck.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.