oss-sec mailing list archives

CVE Request: XSS vulns in b2evolution v6.7.5


From: 陈瑞琦 <chenruiqi () 360 cn>
Date: Mon, 12 Sep 2016 02:19:33 +0000

I have found 2 XSS vulns in b2evolution v 6.7.5

Title: Stored XSS in b2evolution version 6.7.5 and before
Author: Chen Ruiqi, Chenruiqi () 360 cn, @Codesafe Team
Download Site: http://b2evolution.net/downloads/
Vendor: b2evolution.net
Vendor Notified: 2016-08-12
Vendor Contact: http://b2evolution.net/?disp=msgform
--------------------------------------------------------------------------------------------------------
Description:
b2evolution is a content and community management system written in PHP and backed by a MySQL database. It is 
distributed as free software under the GNU General Public License.
b2evolution originally started as a multi-user multi-blog engine when François Planque forked b2evolution from version 
0.6.1 of b2/cafelog in 2003.[2] A more widely known fork of b2/cafelog is WordPress. b2evolution is available in web 
host control panels as a "one click install" web app.[3](Wiki)
-----------------------------------------------------------------------------------------------------------
Vulnerability:
There is stored XSS in b2evolution version 6.7.5
Any user can post a forum with some evil code in it.
Post a forum with something like
[test_forum_xss](http://test.forum.xss"onmouseover="alert(1)"on="1 "test_forum_xss")
----------------------------------------------------------------------------------------------------------
Fix code:
https://github.com/b2evolution/b2evolution/commit/9a4ab85439d1b838ee7b8eeebbf59174bb787811
-----------------------------------------------------------------------------------------------------------------
Vulnerability:
There is stored XSS in b2evolution version 6.7.5
An authentic user can inject javascript code in the website header.
Edit the "Short site name" at set_settings with something like
test_short_name_xss" onmouseover=alert(1) on
------------------------------------------------------------------------------------------------------------------------
Fix code:
https://github.com/b2evolution/b2evolution/commit/dd975fff7fce81bf12f9c59edb1a99475747c83c


Could you assign CVE id for those?

Thank you

Chen Ruiqi
Codesafe Team
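Both reports above are attribute-context injections: attacker-controlled text lands inside a double-quoted HTML attribute without the quote being encoded. The following is an added example, not part of the original post and not b2evolution's code or its fix; it models the two contexts (a `[text](url "title")` forum link and the "Short site name" in a header fragment) with an assumed grammar and layout, and shows how attribute escaping plus a scheme allow-list renders the reported payloads inert.

```python
import html
import re

# Payloads as quoted in the advisory (used here only as test input).
FORUM_PAYLOAD = '[test_forum_xss](http://test.forum.xss"onmouseover="alert(1)"on="1 "test_forum_xss")'
SITE_NAME_PAYLOAD = 'test_short_name_xss" onmouseover=alert(1) on'

# Assumed link grammar: [text](url "optional title"). Not b2evolution's parser.
LINK_RE = re.compile(r'\[([^\]]*)\]\((.*)\)', re.S)
TARGET_RE = re.compile(r'(\S+)(?:\s+"(.*)")?', re.S)
SCHEME_RE = re.compile(r'^([a-z][a-z0-9+.-]*):', re.I)
SAFE_SCHEMES = {"http", "https", "mailto"}


def attr(value: str) -> str:
    """Escape for a double-quoted attribute value; '"' becomes &quot;."""
    return html.escape(value, quote=True)


def safe_href(url: str) -> str:
    """Keep only allow-listed schemes; anything else collapses to '#'."""
    m = SCHEME_RE.match(url)
    return url if m and m.group(1).lower() in SAFE_SCHEMES else "#"


def _parse_link(markup: str):
    text, target = LINK_RE.fullmatch(markup).groups()
    url, title = TARGET_RE.fullmatch(target.strip()).groups()
    return text, url, title or ""


def render_link_unsafe(markup: str) -> str:
    """The defect pattern the advisory describes: values interpolated raw."""
    text, url, title = _parse_link(markup)
    return f'<a href="{url}" title="{title}">{text}</a>'


def render_link(markup: str) -> str:
    """Hardened rendering: scheme check plus per-context escaping."""
    text, url, title = _parse_link(markup)
    return (f'<a href="{attr(safe_href(url))}" title="{attr(title)}">'
            f'{html.escape(text)}</a>')


def render_header(site_name: str) -> str:
    """Hypothetical header fragment using the short site name twice."""
    return f'<a href="/" title="{attr(site_name)}">{html.escape(site_name)}</a>'


def attribute_injected(rendered: str) -> bool:
    """True when a value closed its attribute and started an on* handler."""
    return re.search(r'="[^"<>]*"\s*on\w+=', rendered) is not None
```

`attribute_injected` is a coarse regression check for this specific pattern, not a general XSS detector; the real defense is escaping at the point of output.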
