CVE-2020-22841

Published: Feb 9, 2021Modified: Nov 21, 2024

4.8

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Exploitability: 1.7 / Impact: 2.7

Source: NVD

Description

Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module.

Affected (1)

Products: B2evolution: B2evolution

B2evolution

1 product

B2evolution

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
B2evolution B2evolution	Before 6.11.6

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

http://packetstormsecurity.com/files/161363/b2evolution-CMS-6.11.6-Cross-Site-Scripting.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://github.com/b2evolution/b2evolution/issues/102

Source: cve@mitre.org

Third Party Advisory

https://www.exploit-db.com/exploits/49551

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/161363/b2evolution-CMS-6.11.6-Cross-Site-Scripting.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://github.com/b2evolution/b2evolution/issues/102

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.exploit-db.com/exploits/49551

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.