CNNVD-202601-1931 Information
CNNVD ID
CNNVD-202601-1931
Related CVE
- CNNVD Published: 2026-01-13
Description (Chinese)
e107是E107团队的一套开源、免费且基于PHP和MySQL的内容管理系统(CMS)。该系统支持多种插件和外观主题,可作为个人博客、讨论社区、档案资料库等。 e107 3.2.1版本存在跨站脚本漏洞,该漏洞源于news.php和image.php组件存在跨站脚本攻击和上传限制绕过,可能导致反射型跨站脚本和存储型跨站脚本攻击。
Description (English)
e107 is an open-source, free and PHP-based content management system (CMS) for the E107 team. The system supports various plugins and visual themes that can be used as personal blogs, community discussions, archives, etc. e107 3.2.1 has a cross-site script loophole, which stems from the existence of cross-site script attacks and upload restrictions bypassed by news.php and image.php components, which may result in cross-station and storage-type cross-site attacks.
Hazard Level
Low
Vulnerability Type
跨站脚本
Affected Vendor
E107
Published
2026-01-13
Last Modified
2026-02-24
References
https://e107.org/download https://www.vulncheck.com/advisories/e-cms-reflected-xss-via-comment-flow https://www.exploit-db.com/exploits/50910 https://access.redhat.com/security/cve/cve-2022-50905
Share on: