Cross-Site Scripting Vulnerability in b2evolution File Manager
CVE-2014-9599

Currently unrated

Key Information:

Vendor

B2evolution

Status
B2evolution
Vendor
CVE Published:
16 January 2015

What is CVE-2014-9599?

A Cross-Site Scripting vulnerability exists in the file manager of b2evolution prior to version 5.2.1. This flaw allows remote attackers to inject arbitrary web scripts or HTML by manipulating the fm_filter parameter within blogs/admin.php. Successful exploitation of this vulnerability could lead to unauthorized actions being performed on behalf of the victim or compromise of the application's integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://b2evolution.net/downloads/5-2-1-stable
x_refsource_CONFIRM
http://sroesemann.blogspot.de/2014/12/sroeadv-2014-09.html
x_refsource_MISC
http://seclists.org/fulldisclosure/2015/Jan/48
mailing-listx_refsource_FULLDISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.