Description

Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the site name.

Remediation

References

CVE-2016-7150

Related Vulnerabilities

MySQL CVE-2017-10384 Vulnerability (CVE-2017-10384)

PHP Improper Input Validation Vulnerability (CVE-2007-4784)

Oracle Application Server CVE-2008-7233 Vulnerability (CVE-2008-7233)

Drupal Incorrect Authorization Vulnerability (CVE-2022-25270)

XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-29523)

Severity

Medium

Classification

CVE-2016-7150 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities