Description

Cross-site scripting (XSS) vulnerability in the filemanager in b2evolution before 5.2.1 allows remote attackers to inject arbitrary web script or HTML via the fm_filter parameter to blogs/admin.php.

Remediation

References

CVE-2014-9599

Related Vulnerabilities

Oracle Database Server CVE-2004-2345 Vulnerability (CVE-2004-2345)

Moodle Other Vulnerability (CVE-2006-4937)

WordPress Plugin YITH WooCommerce Compare PHP Object Injection (2.0.9)

WordPress Plugin Thrive Apprentice Security Bypass (2.3.9.3)

WebLogic CVE-2022-21441 Vulnerability (CVE-2022-21441)

Severity

Medium

Classification

CVE-2014-9599 CWE-707

Tags

Missing Update Known Vulnerabilities