Description
Cross-site scripting (XSS) vulnerability in 107_plugins/content/content_manager.php in the Content Management plugin in e107 before 0.7.20, when the personal content manager is enabled, allows user-assisted remote authenticated users to inject arbitrary web script or HTML via the content_heading parameter.
Remediation
References
Related Vulnerabilities
PostgreSQL Improper Access Control Vulnerability (CVE-2019-10130)
WordPress Plugin Booking Calendar-Appointment Booking-BookIt Security Bypass (2.3.7)
Dotclear Other Vulnerability (CVE-2014-3782)
Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9449)
PHP-Fusion Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-3172)