270 matches found
CVE-2017-5553
Cross-site scripting (XSS) vulnerability in plugins/markdownplugin/markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL...
CVE-2017-5539
CVE-2017-5539 relates to a bypass of the directory-traversal patch for b2evolution 6.8.4-stable, allowing an attacker to use ../ to bypass filters and read/delete arbitrary server files or check file existence. Affected product: b2evolution (PHP/MySQL blogging software). Root cause: incomplete fi...
b2evolution Detection
Detection of b2evolution CMS. The script sends an HTTP connection request to the server and attempts to detect the presence of b2evolution CMS and to extract its version. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright...
Cross-site Scripting (XSS)
b2evolution is vulnerable to a cross-site scripting (XSS) vulnerability. It allows remote authenticated users to inject arbitrary web script or HTML via the site name...
Cross-site Scripting (XSS)
b2evolution is vulnerable to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function...
Cross site scripting
Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the site name...
CVE-2016-7149
Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function...
CVE-2016-7150
Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the site name...
CVE-2016-7149
CVE-2016-7149 is a cross-site scripting (XSS) vulnerability affecting b2evolution.
CVE-2016-7150
CVE-2016-7150 is an XSS vulnerability affecting b2evolution (version 6.7.5 and earlier). The issue allows remote authenticated users to inject arbitrary web script or HTML through the site name. Multiple connected sources corroborate XSS in b2evolution with similar details (NVD entry, Veracode su...
Directory Traversal
b2evolution is vulnerable to a directory traversal vulnerability. It allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fmselected array parameter of inc/files/files.ctrl.php...
Remote Web Code Execution
b2evolution is vulnerable to remote code execution vulnerabilities. It allows remote authenticated users to inject arbitrary web script or HTML via a .swf file in a comment frame or avatar frame of the file types table...
b2evolution directory traversal vulnerability
b2evolution is a PHP and MySQL based blogging software developed by software developer Francois Planque. A directory traversal vulnerability exists in b2evolution 6.8.3 and earlier versions, which results from the program failing to adequately validate user-supplied input. A remote attacker could...
Multiple Cross-Site Scripting Vulnerabilities in b2evolution
b2evolution is a PHP and MySQL based blogging software developed by software developer Francois Planque. A cross-site scripting vulnerability exists in the file type table of b2evolution versions prior to 6.8.3. The vulnerability can be exploited by remote attackers to inject arbitrary web script ...
CVE-2017-5494
Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (1) comment frame or (2) avatar frame...
CVE-2017-5480
Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fmselected array parameter...
Directory traversal
Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fmselected array parameter...
CVE-2017-5494
CVE-2017-5494 affects b2evolution before 6.8.3. Multiple XSS vulnerabilities exist in the file types table, enabling remote authenticated users to inject arbitrary web script or HTML via a .swf file in either the comment frame or the avatar frame. Documents consistently describe the affected comp...