CVE-2017-5494

Published: 2017-01-15T22:59Z

Last Modified: 2024-11-21T03:27Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (1) comment frame or (2) avatar frame. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt