Description

Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module.

Remediation

References

CVE-2020-22841

Related Vulnerabilities

Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-5875)

WordPress Plugin Better WordPress reCAPTCHA (with no CAPTCHA reCAPTCHA) Cross-Site Scripting (2.0.3)

EspoCRM Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2022-38844)

Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2020-14340)

WordPress Plugin AdRotate-Ad manager & AdSense Ads 'title' Parameter Multiple Cross-Site Scripting Vulnerabilities (3.7.3.5)

Severity

Medium

Classification

CVE-2020-22841 CWE-707 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities