Vulnerabilities > B2Evolution

DATE	CVE	VULNERABILITY TITLE	RISK
2017-01-23	CVE-2017-5553	Cross-site Scripting vulnerability in B2Evolution Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL. network low complexity b2evolution CWE-79	5.4
2017-01-23	CVE-2017-5539	Path Traversal vulnerability in B2Evolution 6.8.4 The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability. network low complexity b2evolution CWE-22 critical	9.1
2017-01-18	CVE-2016-7150	Cross-site Scripting vulnerability in B2Evolution Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the site name. network low complexity b2evolution CWE-79	5.4
2017-01-18	CVE-2016-7149	Cross-site Scripting vulnerability in B2Evolution Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function. network low complexity b2evolution CWE-79	6.1
2017-01-15	CVE-2017-5494	Cross-site Scripting vulnerability in B2Evolution Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (1) comment frame or (2) avatar frame. network low complexity b2evolution CWE-79	5.4
2017-01-15	CVE-2017-5480	Path Traversal vulnerability in B2Evolution Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. network low complexity b2evolution CWE-22	8.1
2016-12-02	CVE-2016-9479	Credentials Management vulnerability in B2Evolution The "lost password" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request. network low complexity b2evolution CWE-255	7.5

Vulnerabilities > B2Evolution {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"B2Evolution"}]}

Vulnerabilities > B2Evolution