PT-2026-39482 · Unknown · Avatar Uploader

Milad Karimi · Published 2026-05-10 · Updated 2026-05-10 · CVE-2022-50957

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Avatar Uploader version 7.x-1.0-beta8

Description

A reflected cross-site scripting issue allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Attackers can craft URLs containing script payloads in the file parameter of 'avatar uploader.pages.inc' to execute arbitrary JavaScript in the browsers of victims.

Recommendations

As a temporary workaround, avoid using the file parameter in the 'avatar uploader.pages.inc' component until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-50957

Affected Products

Avatar Uploader