Cross-Site Scripting Vulnerability in b2evolution by b2evolution
CVE-2016-7150

5.4MEDIUM

Key Information:

Vendor

B2evolution

Status
B2evolution
Vendor
CVE Published:
18 January 2017

What is CVE-2016-7150?

The vulnerability in b2evolution allows remote authenticated users to exploit cross-site scripting (XSS) through the manipulation of the site name. This can lead to the injection of arbitrary web scripts or HTML, potentially compromising the security and integrity of the web application. Versions 6.7.5 and prior are susceptible, making it critical for users to update their installations to mitigate the risks associated with this vulnerability.

References

http://www.openwall.com/lists/oss-security/2016/09/15/4
mailing-listx_refsource_MLIST
http://www.securityfocus.com/bid/92967
vdb-entryx_refsource_BID
https://github.com/b2evolution/b2evolution/commit/dd975ff...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.