Description
Cross-site scripting (XSS) vulnerability in 107_plugins/content/content_manager.php in the Content Management plugin in e107 before 0.7.20, when the personal content manager is enabled, allows user-assisted remote authenticated users to inject arbitrary web script or HTML via the content_heading parameter.
Remediation
References
Related Vulnerabilities
OpenSSL Resource Management Errors Vulnerability (CVE-2011-4577)
MySQL Other Vulnerability (CVE-2004-0956)
WordPress Plugin WordPress Landing Pages Cross-Site Scripting (2.2.4)
WordPress Data Processing Errors Vulnerability (CVE-2014-9034)
WordPress Plugin WP Subtitle Unspecified Vulnerability (2.5)