Known vulnerabilities affecting B2Evolution 6.8.7

Each entry lists: date, CVE, vulnerability title, risk (severity and CVSS score, plus attack vector and CWE where recorded), then the description.
2022-09-28  CVE-2022-30935  Use of Insufficiently Random Values vulnerability in B2Evolution
Risk: critical, CVSS 9.1. Attack vector: network, low complexity. CWE-330 (b2evolution).
An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user because a weak randomness function is used to generate them.
2021-02-09  CVE-2020-22841  Cross-site Scripting vulnerability in B2Evolution
Risk: CVSS 3.5.
Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to execute malicious JavaScript via the plugin name input field in the plugin module.
2021-02-09  CVE-2020-22840  Open Redirect vulnerability in B2Evolution
Risk: CVSS 5.8.
An open redirect in b2evolution CMS versions prior to 6.11.6 allows an attacker to redirect users to an attacker-controlled resource via the redirect_to parameter in email_passthrough.php.
2018-01-02  CVE-2017-1000423  Improper Input Validation vulnerability in B2Evolution
Risk: CVSS 7.5. Attack vector: network, low complexity. CWE-20 (b2evolution).
b2evolution versions 6.6.0 through 6.8.10 have an input validation flaw (backslash and single quote escaping) in the basic install functionality, allowing an unauthenticated attacker to gain PHP code execution on the victim's installation.