CNNVD-202601-1930 Information

CNNVD ID

CNNVD-202601-1930

Related CVE

CVE-2022-50906

• CNNVD Published: 2026-01-13

Description (Chinese)

e107是E107团队的一套开源、免费且基于PHP和MySQL的内容管理系统（CMS）。该系统支持多种插件和外观主题，可作为个人博客、讨论社区、档案资料库等。 e107 3.2.1版本存在跨站脚本漏洞，该漏洞源于上传限制绕过，可能导致管理员上传恶意SVG文件并执行跨站脚本攻击。

Description (English)

e107 is an open-source, free and PHP-based content management system (CMS) for the E107 team. The system supports various plugins and visual themes that can be used as personal blogs, community discussions, archives, etc. e107 3.2.1 has a cross-site script loophole, which stems from uploading restrictions bypassing, which may lead to malign SVG files being uploaded by administrators and cross-site script attacks.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

E107

Published

2026-01-13

Last Modified

2026-02-24

References

https://e107.org/download https://www.exploit-db.com/exploits/50910 https://www.vulncheck.com/advisories/e-cms-admin-upload-restriction-bypass-stored-xss https://access.redhat.com/security/cve/cve-2022-50906