Fiblue

**Name of the Vulnerable Software and Affected Versions** ForestBlog through 2022-02-16 **Description** The issue allows for XSS during the addition of a user avatar. This occurs in the `admin/profile/save` endpoint, specifically with the `userAvatar` parameter. The estimated number of potentially affected devices worldwide is not provided. There is no information about real-world incidents where this issue was exploited. **Recommendations** For ForestBlog through 2022-02-16, consider disabling the `admin/profile/save` endpoint or restricting access to it until a fix is available. As a temporary workaround, avoid using the `userAvatar` parameter in the affected endpoint to minimize the risk of exploitation.