Description
Cross-site scripting (XSS) vulnerability in 107_plugins/content/content_manager.php in the Content Management plugin in e107 before 0.7.20, when the personal content manager is enabled, allows user-assisted remote authenticated users to inject arbitrary web script or HTML via the content_heading parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Integration for Contact Form 7 and Salesforce Cross-Site Scripting (1.2.4)
WordPress Plugin Limit Login Attempts Reloaded Security Bypass (2.7.4)
Oracle JRE CVE-2014-2410 Vulnerability (CVE-2014-2410)
WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.15)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-0701)