Description
Cross-site scripting (XSS) vulnerability in 107_plugins/content/content_manager.php in the Content Management plugin in e107 before 0.7.20, when the personal content manager is enabled, allows user-assisted remote authenticated users to inject arbitrary web script or HTML via the content_heading parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Image Gallery-Responsive Photo Gallery Cross-Site Scripting (1.4.0)
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-8624)
WordPress Plugin WP-Invoice-Web Invoice and Billing Multiple Vulnerabilities (4.1.0)
Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-7872)
WordPress Plugin WP Unique Article Header Image Cross-Site Request Forgery (1.0)