oss-sec mailing list archives
CVE Request: XSS vulns in b2evolution v6.7.5
From: 陈瑞琦 <chenruiqi () 360 cn>
Date: Mon, 12 Sep 2016 02:19:33 +0000
I have found 2 XSS vulns in b2evolution v 6.7.5 Title: Stored XSS in b2evolution version 6.7.5 amd before Author: Chen Ruiqi, Chenruiqi () 360 cn, @Codesafe Team Download Site: http://b2evolution.net/downloads/ Vendor: b2evolution.net Vendor Notified: 2016-08-12 Vendor Contact: http://b2evolution.net/?disp=msgform -------------------------------------------------------------------------------------------------------- Discription: b2evolution is a content and community management system written in PHP and backed by a MySQL database. It is distributed as free software under the GNU General Public License. b2evolution originally started as a multi-user multi-blog engine when Fran?ois Planque forked b2evolution from version 0.6.1 of b2/cafelog in 2003.[2] A more widely known fork of b2/cafelog is WordPress. b2evolution is available in web host control panels as a "one click install" web app.[3](Wiki) ----------------------------------------------------------------------------------------------------------- Vulnerability: There is stored XSS in b2evolution version 6.7.5 Any user can post a forum with some evil code in it. Post a forum with some thing like [test_forum_xss](http://test.forum.xss"onmouseover="alert(1)"on="1 "test_forum_xss") ---------------------------------------------------------------------------------------------------------- Fix code: https://github.com/b2evolution/b2evolution/commit/9a4ab85439d1b838ee7b8eeebbf59174bb787811 ----------------------------------------------------------------------------------------------------------------- Vulnerability: There is stored XSS in b2evolution version 6.7.5 An authentic user can inject javascript code in the website header. Edit the "Short site name" at set_settings with something like test_short_name_xss" onmouseover=alert(1) on ------------------------------------------------------------------------------------------------------------------------ Fix code: https://github.com/b2evolution/b2evolution/commit/dd975fff7fce81bf12f9c59edb1a99475747c83c Could you assign CVE id for those? Thank you Chen Ruiqi Codesafe Team
Current thread:
- CVE Request: XSS vulns in b2evolution v6.7.5 陈瑞琦 (Sep 11)
- Re: CVE Request: XSS vulns in b2evolution v6.7.5 cve-assign (Sep 14)