CVE-2017-5553

2017-01-2307:59:00

Google

osv.dev

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.4%

JSON

Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL.

CPENameOperatorVersion
b2evolutioneq6.5.0
b2evolutioneq6.6.4
b2evolutioneq5.2.0-stable
b2evolutioneq6.4.4-beta
b2evolutioneq6.1.2-alpha
b2evolutioneq6.4.2-beta
b2evolutioneq6.6.8
b2evolutioneq6.7.9
b2evolutioneq6.8.2
b2evolutioneq6.8.1

Name	Operator	Version
b2evolution	eq	6.5.0
b2evolution	eq	6.6.4
b2evolution	eq	5.2.0-stable
b2evolution	eq	6.4.4-beta
b2evolution	eq	6.1.2-alpha
b2evolution	eq	6.4.2-beta
b2evolution	eq	6.6.8
b2evolution	eq	6.7.9
b2evolution	eq	6.8.2
b2evolution	eq	6.8.1