CVE-2021-39486

A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0. An attacker can use this to steal cookies, passwords or to run arbitrary code on a victim's browser. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt