Page 2 of 29 results (0.005 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3

Reflected cross-site scripting vulnerability (XSS) in the evoadm.php file in b2evolution cms version 6.11.6-stable allows remote attackers to inject arbitrary webscript or HTML code via the tab3 parameter. Una vulnerabilidad de cross-site scripting (XSS) reflejada en el archivo evoadm.php en b2evolution cms versión 6.11.6-stable, permite a atacantes remotos inyectar código web o HTML arbitrario por medio del parámetro tab3 b2evolution CMS version 6.11.6 suffers from multiple cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/161363/b2evolution-CMS-6.11.6-Cross-Site-Scripting.html https://sohambakore.medium.com/b2evolution-cms-reflected-xss-in-tab-type-parameter-in-evoadm-php-38886216cdd3 https://www.exploit-db.com/exploits/49555 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2

Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module. Un ataque de tipo XSS almacenado en b2evolution CMS versiones 6.11.6 y anteriores, permite a un atacante llevar a cabo una ejecución de código JavaScript maliciosa por medio del campo de entrada de nombre del plugin en el módulo plugin b2evolution CMS version 6.11.6 suffers from multiple cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/49551 http://packetstormsecurity.com/files/161363/b2evolution-CMS-6.11.6-Cross-Site-Scripting.html https://github.com/b2evolution/b2evolution/issues/102 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirect_to parameter in email_passthrough.php. Una vulnerabilidad de redireccionamiento abierto en b2evolution CMS versiones anteriores a 6.11.6, permite a un atacante llevar a cabo redireccionamientos abiertos maliciosos hacia un recurso controlado por el atacante por medio del parámetro redirect_to en el archivo email_passthrough.php b2evolution CMS version 6.11.6 suffers from an open redirection vulnerability. • http://packetstormsecurity.com/files/161362/b2evolution-CMS-6.11.6-Open-Redirection.html https://github.com/b2evolution/b2evolution/issues/102 https://www.exploit-db.com/exploits/49554 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/call_plugin.php. b2evolution versión 6.7.6, sufre de una vulnerabilidad de Inyección de Objeto en /htsrv/call_plugin.php. • http://www.openwall.com/lists/oss-security/2016/09/30/3 https://github.com/b2evolution/b2evolution/commit/25c21cf9cc4261324001f9039509710b37ee2c4d https://github.com/b2evolution/b2evolution/commit/999b5ad1d59760d7e450ceb541f55432fc74cd27 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation (backslash and single quote escape) in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup. b2evolution, de las versiones 6.6.0 a la 6.8.10, es vulnerable a la validación de entradas (escape de barra diagonal inversa y comilla simple) en la funcionalidad de instalación básica. Esto provoca que un atacante no autenticado pueda ejecutar código PHP en la instalación de la víctima. b2evolution CMS versions 6.6.0 through 6.8.10 suffer from a php code execution vulnerability. • https://github.com/b2evolution/b2evolution/commit/0096a3ebc85f6aadbda2c4427cd092a538b161d2 https://github.com/b2evolution/b2evolution/commit/b899d654d931f3bf3cfbbdd71e0d1a0f3a16d04c • CWE-20: Improper Input Validation •