A stored XSS and arbitrary file-upload bug can be paired with an authorization bypass to wreak havoc. …read more

Source:: Threatpost