Cross-Site Scripting Vulnerability in b2evolution by the Vendor
CVE-2017-5553

5.4MEDIUM

Key Information:

Vendor

B2evolution

Status
B2evolution
Vendor
CVE Published:
23 January 2017

What is CVE-2017-5553?

A Cross-Site Scripting (XSS) vulnerability exists in the Markdown plugin of b2evolution prior to version 6.8.5. This flaw allows remote authenticated users to craft and inject arbitrary JavaScript or HTML code through a specially modified javascript: URL. As a result, it could potentially lead to unauthorized access to sensitive user data or site manipulation. Users are encouraged to update to the latest version to mitigate risks associated with this vulnerability.

References

http://www.securityfocus.com/bid/95704
vdb-entryx_refsource_BID
http://b2evolution.net/downloads/6-8-5
x_refsource_CONFIRM
https://github.com/b2evolution/b2evolution/commit/ce5b36e...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.