Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor B2evolution Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-22840 1 B2evolution 1 B2evolution 2021-02-17 5.8 MEDIUM 6.1 MEDIUM
Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirect_to parameter in email_passthrough.php.
CVE-2020-22841 1 B2evolution 1 B2evolution 2021-02-17 3.5 LOW 4.8 MEDIUM
Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module.
CVE-2020-22839 1 B2evolution 1 B2evolution Cms 2021-02-12 4.3 MEDIUM 6.1 MEDIUM
Reflected cross-site scripting vulnerability (XSS) in the evoadm.php file in b2evolution cms version 6.11.6-stable allows remote attackers to inject arbitrary webscript or HTML code via the tab3 parameter.
CVE-2017-5494 1 B2evolution 1 B2evolution 2017-01-27 3.5 LOW 5.4 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (1) comment frame or (2) avatar frame.
CVE-2017-5553 1 B2evolution 1 B2evolution 2017-01-26 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL.
CVE-2016-7149 1 B2evolution 1 B2evolution 2017-01-23 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function.
CVE-2016-7150 1 B2evolution 1 B2evolution 2017-01-23 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the site name.