CVE-2020-22841

MEDIUM

b2evolution CMS <6.11.6 - XSS

Title source: llm

Description

Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module.

Exploits (1)

exploitdb WRITEUP

by Soham Bakore · textwebappsphp

https://www.exploit-db.com/exploits/49551

View Code ZIP pw:eip

References (3)

[Third Party Advisory] https://github.com/b2evolution/b2evolution/issues/102

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/161363/b2evolution-CMS-6.11.6-Cross-Site-Scripting.html

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/49551

Scores

CVSS v3 4.8

EPSS 0.0044

EPSS Percentile 63.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

b2evolution/b2evolution < 6.11.6

Published Feb 09, 2021

Tracked Since Feb 18, 2026