CVE-2020-22841
MEDIUM
b2evolution < 6.11.6 - Stored Cross-Site Scripting via Plugin Name Input Field
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2020-22841. PoCs published by Soham Bakore.
AI-analyzed exploit summary
This is a writeup describing a stored XSS vulnerability in b2evolution 6.11.6. The exploit involves injecting a malicious payload into the plugin name field, which executes when a victim accesses the plugin page.
Description
Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module.
Exploits (1)
exploitdb
WRITEUP
by Soham Bakore · text · webapps · php
https://www.exploit-db.com/exploits/49551
Classification
Writeup 90%
Attack Type
XSS
Complexity
Trivial
Reliability
Reliable
Target:
b2evolution 6.11.6
Auth required
Prerequisites:
High-privileged account access
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
References (3)
Core References
Third Party Advisory x_refsource_misc
https://github.com/b2evolution/b2evolution/issues/102
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/161363/b2evolution-CMS-6.11.6-Cross-Site-Scripting.html
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/49551
Scores
CVSS v3
4.8
EPSS
0.0354
EPSS Percentile
87.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
b2evolution/b2evolution
< 6.11.6
Published
Feb 09, 2021
Tracked Since
Feb 18, 2026