CVE-2020-22839

MEDIUM

b2evolution CMS 6.11.6 - Reflected Cross-Site Scripting via evoadm.php tab3 Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-22839. PoCs published by Nakul Ratti.

AI-analyzed exploit summary This exploit demonstrates a reflected XSS vulnerability in b2evolution 6.11.6 via the 'tab3' parameter. The PoC provides a URL that, when accessed by an authenticated victim, triggers malicious JavaScript execution in the browser context.

Description

Reflected cross-site scripting vulnerability (XSS) in the evoadm.php file in b2evolution cms version 6.11.6-stable allows remote attackers to inject arbitrary webscript or HTML code via the tab3 parameter.

Exploits (1)

exploitdb WORKING POC
by Nakul Ratti · textwebappsphp
https://www.exploit-db.com/exploits/49555

This exploit demonstrates a reflected XSS vulnerability in b2evolution 6.11.6 via the 'tab3' parameter. The PoC provides a URL that, when accessed by an authenticated victim, triggers malicious JavaScript execution in the browser context.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: b2evolution 6.11.6
Auth required
Prerequisites: Victim must be authenticated · Victim must visit crafted URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 6.1
EPSS 0.0452
EPSS Percentile 90.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
b2evolution/b2evolution_cms 6.11.6
Published Feb 09, 2021
Tracked Since Feb 18, 2026