I've had a few sites that got hacked because the client had weak passwords or "heaven forbid" I didn't write the code correctly! :-)
There are a tremendous number of automated "vulnerability scans" and "password hacks" running on the Internet that insert code into sites. And yes your problem may have started with an uploaded file.
The last hack that hit a client inserted a JavaScript script into every index.php, index.html, and index.htm that it found in the site's whole directory tree. Fortunately, this particular hack was an obscure Joomla hack that just damaged the files and didn't cause too much havoc - other than lost money and time :-(. This site wasn't even based on Joomla!
Make sure any FTP & admin panel passwords are "STRONG" so at least your site isn't susceptible to this kind of hack.
As far as XSS and CSRF go - see:
http://en.wikipedia.org/wiki/Cross-site_scripting
http://en.wikipedia.org/wiki/Cross-site_request_forgery
Also, review your raw log files and look for a series of requests for files that returned 404 errors from the same IP address. You'll notice that there will be a bunch of requests returning 404s throughout your raw logs that are in close proximity. This is an indication of an automated vulnerability scan, but sometimes it's just a determined "script kiddy."
Many times these scans are trying to access files such as: admin/index.php, phpMyAdmin/index.php, phpMyAdmin, etc. and as stated they're bunched together in a group.
Also, look at the modification time of the file(s) that have been hacked to limit your log search to around that time (typically the damage doesn't start to show up until some time after the file changes). Look at the file time of the PHP script file that inserted the bad code as well. This is of course post-mortem, but it will help in protecting against the problem in the future. CHANGE YOUR PASSWORDS!
Finally, as Markus mentioned, it might just be an XSS attack based upon comments in the blog. Make sure that b2evolution is properly cleansing any comments being posted by users and that no b2evolution installation files are still on the server.
(This last one I'm just making an assumption as I've never installed or used b2evolution on a site.)
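A small log-triage script for the two checks described in the post above (a burst of 404s from one IP, and requests near the modification time of a defaced file). This is an added example, not code from the original post; the Apache "combined"-format log lines, IP addresses, probed paths and the file mtime are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample in Apache/nginx "combined" log format (not real traffic).
# 203.0.113.7 probes admin/phpMyAdmin paths and gets 404s, then POSTs to an
# upload path; 198.51.100.20 is an ordinary visitor with one favicon 404.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2011:02:14:01 +0000] "GET /admin/index.php HTTP/1.1" 404 512 "-" "Mozilla/4.0"
203.0.113.7 - - [12/Mar/2011:02:14:02 +0000] "GET /phpMyAdmin/index.php HTTP/1.1" 404 512 "-" "Mozilla/4.0"
203.0.113.7 - - [12/Mar/2011:02:14:02 +0000] "GET /phpMyAdmin HTTP/1.1" 404 512 "-" "Mozilla/4.0"
203.0.113.7 - - [12/Mar/2011:02:14:03 +0000] "GET /pma/index.php HTTP/1.1" 404 512 "-" "Mozilla/4.0"
203.0.113.7 - - [12/Mar/2011:02:14:04 +0000] "GET /mysql/index.php HTTP/1.1" 404 512 "-" "Mozilla/4.0"
203.0.113.7 - - [12/Mar/2011:02:14:05 +0000] "GET /blog/wp-login.php HTTP/1.1" 404 512 "-" "Mozilla/4.0"
203.0.113.7 - - [12/Mar/2011:02:15:10 +0000] "POST /blog/uploads/img.php HTTP/1.1" 200 44 "-" "Mozilla/4.0"
198.51.100.20 - - [12/Mar/2011:02:20:15 +0000] "GET /blog/index.php HTTP/1.1" 200 9211 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2011:02:20:16 +0000] "GET /favicon.ico HTTP/1.1" 404 512 "-" "Mozilla/5.0"
"""

# Constructed mtime of the defaced index.php (what `ls -l --time-style=full-iso` would show).
INDEX_MTIME = datetime(2011, 3, 12, 2, 15, 10, tzinfo=timezone.utc)

# client, ident, user, [timestamp], "METHOD path proto", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def parse_log(text):
    """Parse combined-format lines into dicts; lines that don't match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        entries.append({
            "ip": m["ip"],
            "time": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "method": m["method"],
            "path": m["path"],
            "status": int(m["status"]),
        })
    return entries


def find_404_bursts(entries, min_hits=5, window=timedelta(seconds=60)):
    """Return {ip: [404 paths]} for every IP with >= min_hits 404s inside any `window`.

    A sliding window over the sorted 404 timestamps per IP catches the
    "bunched together" scanner pattern without flagging a lone broken link.
    """
    by_ip = defaultdict(list)
    for e in entries:
        if e["status"] == 404:
            by_ip[e["ip"]].append(e)

    bursts = {}
    for ip, hits in by_ip.items():
        hits.sort(key=lambda e: e["time"])
        start = 0
        for end in range(len(hits)):
            while hits[end]["time"] - hits[start]["time"] > window:
                start += 1
            if end - start + 1 >= min_hits:
                bursts[ip] = [h["path"] for h in hits]
                break
    return bursts


def requests_near(entries, mtime, before=timedelta(minutes=10), after=timedelta(minutes=2)):
    """Requests in [mtime - before, mtime + after].

    The write that changed the file happens at or just before the mtime, so the
    window is weighted toward the minutes before it.
    """
    lo, hi = mtime - before, mtime + after
    return [e for e in entries if lo <= e["time"] <= hi]


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for ip, paths in find_404_bursts(entries).items():
        print(f"404 burst from {ip}: {len(paths)} probes, e.g. {paths[:3]}")
    for e in requests_near(entries, INDEX_MTIME):
        print(f"{e['time']:%H:%M:%S} {e['ip']} {e['method']} {e['path']} {e['status']}")
```

On a real server, replace `SAMPLE_LOG` with the contents of the access log and `INDEX_MTIME` with the modification time of the altered file; the thresholds (five 404s in sixty seconds, ten minutes before and two after the mtime) are starting points to tune, not rules.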