Description

Cross-site scripting (XSS) vulnerability in the filemanager in b2evolution before 5.2.1 allows remote attackers to inject arbitrary web script or HTML via the fm_filter parameter to blogs/admin.php.

Remediation

References

CVE-2014-9599

Related Vulnerabilities

MySQL CVE-2020-2903 Vulnerability (CVE-2020-2903)

WordPress Plugin Social Media Tab Remote Code Execution (1.0.9)

OpenSSL Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2022-1292)

MySQL CVE-2014-2432 Vulnerability (CVE-2014-2432)

WordPress Plugin Forms-Form builder and Contact form Multiple Unspecified Vulnerabilities (1.4.7)

Severity

Medium

Classification

CVE-2014-9599 CWE-707

Tags

Missing Update Known Vulnerabilities