Description
Cross-site scripting (XSS) vulnerability in 107_plugins/content/content_manager.php in the Content Management plugin in e107 before 0.7.20, when the personal content manager is enabled, allows user-assisted remote authenticated users to inject arbitrary web script or HTML via the content_heading parameter.
Remediation
References
Related Vulnerabilities
Drupal Core 8.x.x Cross-Site Request Forgery (8.0.0 - 8.7.14)
WordPress Plugin Easy Forms for Mailchimp Cross-Site Scripting (5.0.6)
WordPress Plugin MailChimp Forms by MailMunch Unspecified Vulnerability (2.0.6.3)
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-29212)