Medium severity5.4OSV Advisory· Published Jan 15, 2017· Updated Jun 17, 2026
CVE-2017-5494
CVE-2017-5494
Description
Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (1) comment frame or (2) avatar frame.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
26.0.0-alpha, 6.0.0-alpha.1, 6.1.2-alpha, …+ 1 more
- (no CPE)range: 6.0.0-alpha, 6.0.0-alpha.1, 6.1.2-alpha, …
- (no CPE)range: <=6.8.3
Patches
Vulnerability mechanics
References
3- github.com/b2evolution/b2evolution/commit/261dbd5b294e707af766691e65a177a290314a6envdIssue TrackingPatchThird Party Advisory
- github.com/b2evolution/b2evolution/issues/34nvdIssue TrackingPatchThird Party Advisory
- www.securityfocus.com/bid/95452nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.