Description

Cross-site scripting (XSS) vulnerability in htsrv/login.php in b2evolution 1.8.6 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes in the redirect_to parameter.

Remediation

References

CVE-2007-0175

Related Vulnerabilities

Nexus Repository Manager Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-29159)

Ruby Interpretation Conflict Vulnerability (CVE-2021-33621)

WebLogic CVE-2020-2798 Vulnerability (CVE-2020-2798)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-25814)

Jboss EAP Cryptographic Issues Vulnerability (CVE-2014-0035)

Severity

Medium

Classification

CVE-2007-0175 CWE-707

Tags

Missing Update Known Vulnerabilities