Description

Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module.

Remediation

References

CVE-2020-22841

Related Vulnerabilities

Opencart Improper Restriction of XML External Entity Reference Vulnerability (CVE-2014-3990)

WordPress Plugin Subscriber by BestWebSoft Cross-Site Scripting (1.3.4)

Drupal Other Vulnerability (CVE-2008-3661)

TYPO3 Insufficient Session Expiration Vulnerability (CVE-2022-23502)

WordPress Plugin Alert Before Your Post Cross-Site Scripting (0.1.1)

Severity

Medium

Classification

CVE-2020-22841 CWE-707 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities