Description
Cross-site scripting (XSS) vulnerability in the filemanager in b2evolution before 5.2.1 allows remote attackers to inject arbitrary web script or HTML via the fm_filter parameter to blogs/admin.php.
Remediation
References
Related Vulnerabilities
WordPress Possible Security Bypass Vulnerability (0.70 - 4.7.4)
Oracle Database Server Deserialization of Untrusted Data Vulnerability (CVE-2017-15095)
WordPress Plugin Blog social sharing component Cross-Site Request Forgery (1.4.5)
WordPress Plugin Social Sharing-Social Warfare Malicious Code (4.4.7.1)
WordPress Plugin WP-Lister Lite for eBay Cross-Site Scripting (2.0.8.3)