Description
Cross-site scripting (XSS) vulnerability in the Bluemoon, Inc. (1) BackPack 0.91 and earlier, (2) BmSurvey 0.84 and earlier, (3) newbb_fileup 1.83 and earlier, (4) News_embed (news_fileup) 1.44 and earlier, and (5) PopnupBlog 3.19 and earlier modules for XOOPS 2.0.x, XOOPS Cube 2.1, and ImpressCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Remediation
References
Related Vulnerabilities
WordPress 4.9.x Multiple Vulnerabilities (4.9 - 4.9.4)
WordPress Plugin Gallery Master-Responsive Photo Galleries & Albums Cross-Site Scripting (1.0.22)
WordPress Plugin VideoWhisper Video Presentation 'vw_upload.php' Arbitrary File Upload (3.17)
WordPress Plugin iQ Block Country Unspecified Vulnerability (1.1.33)
WordPress Plugin WP Portfolio Gallery Cross-Site Scripting (1.0.0)