270 matches found
CVE-2017-5480
Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fm_selected array parameter...
CVE-2017-5480
The CVE-2017-5480 issue affects b2evolution’s back-office flow, specifically the PHP file inc/files/files.ctrl.php. A directory traversal flaw permits remote authenticated users to read or delete arbitrary files by injecting a dot-dot sequence into the fm_selected array parameter. Affected softwa...
b2evolution Arbitrary User Password Reset Vulnerability
b2evolution is a PHP and MySQL based blogging software developed by software developer Francois Planque. A security vulnerability exists in the 'lost password' feature in b2evolution versions prior to 6.7.9. The vulnerability can be exploited by a remote attacker to reset the password of any user...
CVE-2016-9479
The "lost password" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request...
CVE-2016-9479
The "lost password" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request...
Cross site request forgery (csrf)
The "lost password" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request...
CVE-2016-9479
The CVE-2016-9479 vulnerability affects b2evolution prior to version 6.7.9, where the lost-password feature allows a remote attacker to reset arbitrary user passwords via a crafted request. This can enable account compromise without user interaction. Root cause, as described across connected docu...
CVE-2016-9479
The "lost password" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request...
b2evolution HTML injection vulnerability (CNVD-2016-07942)
b2evolution is a PHP and MySQL based blogging software developed by software developer Francois Planque. An HTML injection vulnerability exists in b2evolution 6.7.5 and earlier versions, which stems from the program's failure to adequately filter user-submitted input. When a user browses the...
b2evolution HTML Injection Vulnerability
b2evolution is a PHP and MySQL based blogging software developed by software developer Francois Planque. An HTML injection vulnerability exists in b2evolution 6.7.5 and earlier versions, which stems from the program's failure to adequately filter user-submitted input. When a user browses the...
b2evolution 'filemanager' cross-site scripting vulnerability
b2evolution is a PHP and MySQL based blogging software developed by software developer Francois Planque. A cross-site scripting vulnerability exists in b2evolution 'filemanager'. The blogs/admin.php script fails to adequately filter the 'fmfilter' parameter. A remote attacker can exploit the...
CVE-2014-9599
Cross-site scripting (XSS) vulnerability in the filemanager in b2evolution before 5.2.1 allows remote attackers to inject arbitrary web script or HTML via the fm_filter parameter to blogs/admin.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the filemanager in b2evolution before 5.2.1 allows remote attackers to inject arbitrary web script or HTML via the fm_filter parameter to blogs/admin.php...
CVE-2014-9599
CVE-2014-9599: XSS in the b2evolution filemanager. The vulnerability occurs in the filemanager’s fm_filter parameter used by blogs/admin.php on versions prior to 5.2.1, due to insufficient input validation. Exploitation is remote and can cause injection of arbitrary web script/HTML. Affected pro...
CVE-2014-9599
Cross-site scripting (XSS) vulnerability in the filemanager in b2evolution before 5.2.1 allows remote attackers to inject arbitrary web script or HTML via the fm_filter parameter to blogs/admin.php...
CMS b2evolution 5.2.0 Cross Site Scripting Vulnerability
CMS b2evolution version 5.2.0 suffers from a cross site scripting vulnerability. Advisory: Reflecting XSS vulnerability in CMS filemanager of b2evolution v. 5.2.0 Author: Steffen Rösemann Affected Software: CMS b2evolution v. 5.2.0 Release-Date: 6th-Dec-2014 Vendor URL: http://b2evolution.net/...
CMS b2evolution 5.2.0 Cross Site Scripting
Advisory: Reflecting XSS vulnerability in CMS filemanager of b2evolution v. 5.2.0 Advisory ID: SROEADV-2014-09 Author: Steffen Rösemann Affected Software: CMS b2evolution v. 5.2.0 Release-Date: 6th-Dec-2014 Vendor URL: http://b2evolution.net/ Vendor Status: did not respond to issue CVE-ID: -...
b2evolution 1.8.2/1.9 _410_stats_gone.page.php app_name Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21334/info The b2evolution application is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script co...
b2evolution 1.8.2/1.9 _referer_spam.page.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21334/info The b2evolution application is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script co...
b2evolution 4.1.6 - Multiple Vulnerabilities
No description provided by source...