Stored XSS Vulnerability in b2evolution CMS Affects Multiple Versions
CVE-2020-22841

4.8MEDIUM

Key Information:

Vendor

B2evolution

Status
B2evolution
Vendor
CVE Published:
9 February 2021

What is CVE-2020-22841?

A stored cross-site scripting (XSS) vulnerability exists in b2evolution CMS versions 6.11.6 and earlier. This flaw allows attackers to inject and execute malicious JavaScript code through the plugin name input field within the plugin module. If successfully exploited, this vulnerability can compromise user data and lead to further attacks on the affected site. It is essential for users of b2evolution CMS to upgrade to the latest version to mitigate this risk.

References

https://github.com/b2evolution/b2evolution/issues/102
x_refsource_MISC
http://packetstormsecurity.com/files/161363/b2evolution-C...
x_refsource_MISC
https://www.exploit-db.com/exploits/49551
x_refsource_MISC

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.