Vulnerabilities > B2Evolution > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-09 | CVE-2020-22839 | Cross-site Scripting vulnerability in B2Evolution CMS 6.11.6 Reflected cross-site scripting vulnerability (XSS) in the evoadm.php file in b2evolution cms version 6.11.6-stable allows remote attackers to inject arbitrary webscript or HTML code via the tab3 parameter. | 6.1 |
| 2021-02-09 | CVE-2020-22841 | Cross-site Scripting vulnerability in B2Evolution Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module. | 4.8 |
| 2021-02-09 | CVE-2020-22840 | Open Redirect vulnerability in B2Evolution Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirect_to parameter in email_passthrough.php. | 6.1 |
| 2017-01-23 | CVE-2017-5553 | Cross-site Scripting vulnerability in B2Evolution Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL. | 5.4 |
| 2017-01-18 | CVE-2016-7150 | Cross-site Scripting vulnerability in B2Evolution Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the site name. | 5.4 |
| 2017-01-18 | CVE-2016-7149 | Cross-site Scripting vulnerability in B2Evolution Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function. | 6.1 |
| 2017-01-15 | CVE-2017-5494 | Cross-site Scripting vulnerability in B2Evolution Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (1) comment frame or (2) avatar frame. | 5.4 |