CVE-2012-5911

B2evolution - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in blogs/blog1.php in b2evolution 4.1.3 allows remote attackers to inject arbitrary web script or HTML via the message body.

References (6)

[Various Sources] http://b2evolution.net/news/2012/04/06/b2evolution-4-1-4-stable

[Exploit] http://packetstormsecurity.org/files/111294/B2Evolution-CMS-4.1.3-SQL-Injection.html

[Various Sources] http://vulnerability-lab.com/get_content.php?id=482

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/52783

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/74458

[Third Party Advisory, VDB Entry] http://osvdb.org/80672

Scores

EPSS 0.0047

EPSS Percentile 64.6%

Details

CWE

CWE-79

Status published

Products (2)

b2evolution/b2evolution

n/a/n/a

Published Nov 17, 2012

Tracked Since Feb 18, 2026