Cross-Site Scripting Vulnerability in b2evolution by b2evolution Team
CVE-2016-7149

6.1MEDIUM

Key Information:

Vendor

B2evolution

Status
B2evolution
Vendor
CVE Published:
18 January 2017

What is CVE-2016-7149?

A Cross-Site Scripting (XSS) vulnerability exists in b2evolution versions 6.7.5 and earlier, which enables remote attackers to inject arbitrary web scripts or HTML. This issue is particularly related to the autolink function, potentially affecting how user input is processed and displayed. As a result, attackers could exploit this to execute malicious scripts in the context of the user's browser, jeopardizing user data and session integrity.

References

http://www.openwall.com/lists/oss-security/2016/09/15/4
mailing-listx_refsource_MLIST
http://www.securityfocus.com/bid/92967
vdb-entryx_refsource_BID
http://www.openwall.com/lists/oss-security/2016/09/12/1
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.