CVE-2017-5494
Published
CVSS v3
N/A
CVSS v2
3.5
LOW
Affected
1
PROJECT
Description
Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (1) comment frame or (2) avatar frame.
b2evolution CMS: Multiblog/CMS content publishing + forums + email marketing + social network + more... b2evolution includes everything you need to run and maintain a modern website. Optimized for low maintenance with easy upgrades and effective antispam. Full RWD & bootstrap support.
GitHub