B2evolution CVE

Filtered by vendor B2evolution Subscriptions

Total 29 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2012-5910	1 B2evolution	1 B2evolution	2017-08-29	N/A
SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via the root parameter.
CVE-2009-1657	1 B2evolution	2 B2evolution, Starrating Plugin	2017-08-17	N/A
Multiple SQL injection vulnerabilities in the Starrating plugin before 0.7.7 for b2evolution allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2007-0175	1 B2evolution	1 B2evolution	2017-07-29	N/A
Cross-site scripting (XSS) vulnerability in htsrv/login.php in b2evolution 1.8.6 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes in the redirect_to parameter.
CVE-2016-9479	1 B2evolution	1 B2evolution	2017-07-28	N/A
The "lost password" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request.
CVE-2017-5494	1 B2evolution	1 B2evolution	2017-01-27	N/A
Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (1) comment frame or (2) avatar frame.
CVE-2017-5553	1 B2evolution	1 B2evolution	2017-01-26	N/A
Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL.
CVE-2016-7150	1 B2evolution	1 B2evolution	2017-01-23	N/A
Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the site name.
CVE-2016-7149	1 B2evolution	1 B2evolution	2017-01-23	N/A
Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function.
CVE-2017-5480	1 B2evolution	1 B2evolution	2017-01-18	N/A
Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fm_selected array parameter.

« first previous Page 2 of 2.