2 matches found
CVE-2016-11020
Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can lead to XSS and remote code execution...
CVE-2016-11020
CVE-2016-11020 affects Kunena before 5.0.4, where avatar uploads do not restrict extensions to gif, jpeg, jpg, or png. This weak input validation enables potential XSS and remote code execution. Root cause: insufficient validation on avatar file extension during upload. Impact (per sources): part...