Cross-Site Scripting Vulnerability in b2evolution File Manager
CVE-2014-9599

Currently unrated

Key Information:

Vendor: B2evolution
Status: B2evolution
Vendor: CVE Published:; 16 January 2015

🔔 Create B2evolution Vulnerability Alert

What is CVE-2014-9599?

A Cross-Site Scripting vulnerability exists in the file manager of b2evolution prior to version 5.2.1. This flaw allows remote attackers to inject arbitrary web scripts or HTML by manipulating the fm_filter parameter within blogs/admin.php. Successful exploitation of this vulnerability could lead to unauthorized actions being performed on behalf of the victim or compromise of the application's integrity.

References

http://b2evolution.net/downloads/5-2-1-stable

x_refsource_CONFIRM

http://sroesemann.blogspot.de/2014/12/sroeadv-2014-09.html

x_refsource_MISC

http://seclists.org/fulldisclosure/2015/Jan/48

mailing-listx_refsource_FULLDISC

Timeline

Vulnerability published
Jan 16, 2015
Vulnerability Reserved
Jan 16, 2015

JSON