Description

Cross-site scripting (XSS) vulnerability in htsrv/login.php in b2evolution 1.8.6 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes in the redirect_to parameter.

Remediation

References

CVE-2007-0175

Related Vulnerabilities

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5608)

PHP Numeric Errors Vulnerability (CVE-2007-1383)

WordPress Plugin WP Upload Restriction Multiple Vulnerabilities (2.2.3)

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-2582)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-5269)

Severity

Medium

Classification

CVE-2007-0175 CWE-707

Tags

Missing Update Known Vulnerabilities