Description
Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (1) comment frame or (2) avatar frame.
Remediation
References
Related Vulnerabilities
Joomla! Core 3.x.x Multiple Vulnerabilities (3.2.0 - 3.6.5)
Oracle Database Server CVE-2008-2602 Vulnerability (CVE-2008-2602)
WordPress Plugin Hustle-Pop-Ups, Slide-ins and Email Opt-ins Cross-Site Scripting (4.7.0.5)
WordPress Plugin The Sorter SQL Injection (1.0)
WordPress Plugin Comments-wpDiscuz Cross-Site Request Forgery (3.2.8)