Description
Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (1) comment frame or (2) avatar frame.
Remediation
References
Related Vulnerabilities
MySQL CVE-2020-2895 Vulnerability (CVE-2020-2895)
WordPress Plugin UserPro-Community and User Profile Multiple Vulnerabilities (5.1.1)
Oracle HTTP Server CVE-2007-0280 Vulnerability (CVE-2007-0280)
WordPress Ultimate Member Plugin CVE-2019-10271 Vulnerability (CVE-2019-10271)
WordPress Plugin Events Manager Multiple Vulnerabilities (5.9.7.3)