3 matches found
CVE-2022-29020
ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar...
CVE-2022-29020
ForestBlog exposes a stored XSS in the admin/profile/save userAvatar flow when adding a user avatar (up to 2022-02-16). The NVD entry lists CVSS v2 base 4.3 (MEDIUM) and CVSS v3.1 base 6.1 (MEDIUM) with network attack vector, user interaction required, and partial information disclosure/integrity...
CVE-2022-29020
ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar...