Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (1) comment frame or (2) avatar frame.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2017-01-15T22:00:00
Updated: 2024-08-05T15:04:14.746Z
Reserved: 2017-01-15T00:00:00
Link: CVE-2017-5494
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-01-15T22:59:00.190
Modified: 2024-11-21T03:27:45.147
Link: CVE-2017-5494
Redhat
No data.