An issue exists where a user is able to have an admin user execute remote JavaScript giving access to an attacker to upload remote code facilitating code execution on the underlying server infrastructure.