Description
Cross-site scripting (XSS) vulnerability in the filemanager in b2evolution before 5.2.1 allows remote attackers to inject arbitrary web script or HTML via the fm_filter parameter to blogs/admin.php.
Remediation
References
Related Vulnerabilities
MySQL CVE-2024-21056 Vulnerability (CVE-2024-21056)
WordPress Plugin Magic Fields 2 Cross-Site Scripting (2.3.2.4)
Plone CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-5495)
WordPress Plugin Filter Custom Fields & Taxonomies Light Unspecified Vulnerability (1.04)
WordPress Plugin WordPress Email Marketing-WP Email Capture Multiple Vulnerabilities (3.9.3)