CVE-2017-5494

Name of the Vulnerable Software and Affected Versions b2evolution versions prior to 6.8.4

Description The issue allows remote authenticated users to inject arbitrary web script or HTML via a .swf file in a comment frame or avatar frame, potentially leading to cross-site scripting (XSS) attacks.

Recommendations For versions prior to 6.8.4, update to version 6.8.4 or later to resolve the issue.