270 matches found

CVE
added 2017/01/23 6:49 a.m., 54 views

CVE-2017-5553

CVE-2017-5553 describes a Cross-Site Scripting (XSS) vulnerability in b2evolution’s Markdown plugin: plugins/markdown_plugin/_markdown.plugin.php, affecting versions before 6.8.5. The root cause is improper validation/execution of user-supplied input, enabling remote authenticated users to inject...

CVSS 5.4, AI score 5, EPSS 0.01188
Exploits 0, References 3, Affected Software 1
Cvelist
added 2017/01/23 6:49 a.m., 26 views

CVE-2017-5553

Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL...

AI score 5.1, EPSS 0.01188
Exploits 0, References 3
OpenVAS
added 2017/01/20 12:0 a.m., 23 views

b2evolution Detection

Detection of b2evolution CMS. The script sends an HTTP connection request to the server and attempts to detect the presence of b2evolution CMS and to extract its version. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright...

AI score 7.2
Exploits 0, References 1
Veracode
added 2017/01/19 9:18 a.m., 21 views

Cross-site Scripting (XSS)

b2evolution is vulnerable to a cross-site scripting (XSS) vulnerability. It allows remote authenticated users to inject arbitrary web script or HTML via the site name...

CVSS 5.4, AI score 5.2, EPSS 0.00904
Exploits 0, References 1, Affected Software 1
Veracode
added 2017/01/19 9:13 a.m., 17 views

Cross-site Scripting (XSS)

b2evolution is vulnerable to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function...

CVSS 6.1, AI score 5.9, EPSS 0.01239
Exploits 0, References 1, Affected Software 1
OSV
added 2017/01/18 5:59 p.m., 16 views

CVE-2016-7149

Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function...

CVSS 6.1, AI score 5.8
Exploits 0, References 4
Prion
added 2017/01/18 5:59 p.m., 22 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the site name...

CVSS 3.5, AI score 5.6, EPSS 0.00904
Exploits 0, References 4, Affected Software 1
NVD
added 2017/01/18 5:59 p.m., 16 views

CVE-2016-7150

Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the site name...

CVSS 5.4, AI score 5.1, EPSS 0.00904
Exploits 0, References 4
NVD
added 2017/01/18 5:59 p.m., 21 views

CVE-2016-7149

Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function...

CVSS 6.1, AI score 6, EPSS 0.01239
Exploits 0, References 4
CVE
added 2017/01/18 5:0 p.m., 52 views

CVE-2016-7149

CVE-2016-7149 is a Cross-site Scripting (XSS) vulnerability affecting b2evolution

CVSS 6.1, AI score 5.9, EPSS 0.01239
Exploits 0, References 4, Affected Software 1
CVE
added 2017/01/18 5:0 p.m., 46 views

CVE-2016-7150

CVE-2016-7150 is an XSS vulnerability affecting b2evolution (version 6.7.5 and earlier). The issue allows remote authenticated users to inject arbitrary web script or HTML through the site name. Multiple connected sources corroborate XSS in b2evolution with similar details (NVD entry, Veracode su...

CVSS 5.4, AI score 5.2, EPSS 0.00904
Exploits 0, References 4, Affected Software 1
Cvelist
added 2017/01/18 5:0 p.m., 24 views

CVE-2016-7149

Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function...

AI score 6, EPSS 0.01239
Exploits 0, References 4
Veracode
added 2017/01/16 3:3 a.m., 18 views

Directory Traversal

b2evolution is vulnerable to a directory traversal vulnerability. It allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fmselected array parameter of inc/files/files.ctrl.php...

CVSS 8.1, AI score 7.9, EPSS 0.02441
Exploits 0, References 2, Affected Software 1
Veracode
added 2017/01/16 2:43 a.m., 22 views

Remote Web Code Execution

b2evolution is vulnerable to remote code execution vulnerabilities. It allows remote authenticated users to inject arbitrary web script or HTML via a .swf file in a comment frame or avatar frame of the file types table...

CVSS 5.4, AI score 6.2, EPSS 0.01165
Exploits 0, References 2, Affected Software 1
CNVD
added 2017/01/16 12:0 a.m., 2 views

b2evolution directory traversal vulnerability

b2evolution is a PHP and MySQL based blogging software developed by software developer Francois Planque. A directory traversal vulnerability exists in b2evolution 6.8.3 and earlier versions, which results from the program failing to adequately validate user-supplied input. A remote attacker could...

CVSS 8.1, AI score 8.6, EPSS 0.02441
Exploits 0, References 1
CNVD
added 2017/01/16 12:0 a.m., 3 views

Multiple Cross-Site Scripting Vulnerabilities in b2evolution

b2evolution is a PHP and MySQL based blogging software developed by software developer Francois Planque. A cross-site scripting vulnerability exists in the file type table of b2evolution versions prior to 6.8.3. The vulnerability can be exploited by remote attackers to inject arbitrary web script ...

CVSS 5.4, AI score 5.3, EPSS 0.01165
Exploits 0, References 1
Prion
added 2017/01/15 10:59 p.m., 16 views

Directory traversal

Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fmselected array parameter...

CVSS 5.5, AI score 8.3, EPSS 0.02441
Exploits 0, References 3, Affected Software 1
OSV
added 2017/01/15 10:59 p.m., 19 views

CVE-2017-5480

Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fmselected array parameter...

CVSS 8.1, AI score 6.4
Exploits 0, References 3
NVD
added 2017/01/15 10:59 p.m., 17 views

CVE-2017-5494

Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (1) comment frame or (2) avatar frame...

CVSS 5.4, AI score 5.2, EPSS 0.01165
Exploits 0, References 3
Cvelist
added 2017/01/15 10:0 p.m., 20 views

CVE-2017-5480

Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fmselected array parameter...

AI score 7.7, EPSS 0.02441
Exploits 0, References 3