2020-02-24 17:04:35
mitre
PUBLISHED
Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can lead to XSS and remote code execution.