Lucene search

[email protected]NVD:CVE-2020-22841

HistoryFeb 09, 2021 - 2:15 p.m.

CVE-2020-22841

2021-02-0914:15:14

CWE-79

[email protected]

web.nvd.nist.gov

stored xss

b2evolution cms

javascript execution

plugin module

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

58.6%

JSON

Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module.

Affected configurations

Nvd

Node

b2evolutionb2evolutionRange<6.11.6

VendorProductVersionCPE
b2evolutionb2evolution*cpe:2.3:a:b2evolution:b2evolution:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
b2evolution	b2evolution	*	cpe:2.3:a:b2evolution:b2evolution::::::::

References

packetstormsecurity.com/files/161363/b2evolution-CMS-6.11.6-Cross-Site-Scripting.html

github.com/b2evolution/b2evolution/issues/102

www.exploit-db.com/exploits/49551

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

58.6%

JSON

Related for NVD:CVE-2020-22841

cvelist1 osv1 exploitdb1 cnvd1 prion1 cve1 openvas1