CVE-2017-5494

Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (1) comment frame or (2) avatar frame.
References
Link Resource
http://www.securityfocus.com/bid/95452 Third Party Advisory VDB Entry
https://github.com/b2evolution/b2evolution/commit/261dbd5b294e707af766691e65a177a290314a6e Issue Tracking Patch Third Party Advisory
https://github.com/b2evolution/b2evolution/issues/34 Issue Tracking Patch Third Party Advisory
http://www.securityfocus.com/bid/95452 Third Party Advisory VDB Entry
https://github.com/b2evolution/b2evolution/commit/261dbd5b294e707af766691e65a177a290314a6e Issue Tracking Patch Third Party Advisory
https://github.com/b2evolution/b2evolution/issues/34 Issue Tracking Patch Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:b2evolution:b2evolution:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:27

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/95452 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/95452 - Third Party Advisory, VDB Entry
References () https://github.com/b2evolution/b2evolution/commit/261dbd5b294e707af766691e65a177a290314a6e - Issue Tracking, Patch, Third Party Advisory () https://github.com/b2evolution/b2evolution/commit/261dbd5b294e707af766691e65a177a290314a6e - Issue Tracking, Patch, Third Party Advisory
References () https://github.com/b2evolution/b2evolution/issues/34 - Issue Tracking, Patch, Third Party Advisory () https://github.com/b2evolution/b2evolution/issues/34 - Issue Tracking, Patch, Third Party Advisory

Information

Published : 2017-01-15 22:59

Updated : 2024-11-21 03:27


NVD link : CVE-2017-5494

Mitre link : CVE-2017-5494

CVE.ORG link : CVE-2017-5494


JSON object : View

Products Affected

b2evolution

  • b2evolution
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')