CVE-2016-7150
MEDIUMB2evolution < 6.7.5 - XSS
Title source: ruleDescription
Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the site name.
References (4)
Scores
CVSS v3
5.4
EPSS
0.0039
EPSS Percentile
59.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Classification
CWE
CWE-79
Status
published
Affected Products (2)
n/a/n/a
b2evolution/b2evolution
< 6.7.5
Timeline
Published
Jan 18, 2017
Tracked Since
Feb 18, 2026