ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar.Referenceshttps://github.com/saysky/ForestBlog/issues/76
