Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2014-9599
Last Modified: 20 Jan 2015 08:54:27
Published: 16 Jan 2015 10:59:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2014-9599

Summary

Cross-site scripting (XSS) vulnerability in the filemanager in b2evolution before 5.2.1 allows remote attackers to inject arbitrary web script or HTML via the fm_filter parameter to blogs/admin.php.

Vulnerable Systems

Application

  • b2evolution 5.2.0


References

CONFIRM - https://twitter.com/SecLists/status/554937224366546944

XF - b2evolution-fmfilter-xss(99891)

BID - 72052

MISC - http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-09.html

MISC - http://sroesemann.blogspot.de/2014/12/sroeadv-2014-09.html

FULLDISC - 20150113 Reflecting XSS vulnerability in filemanager of CMS b2evolution v. 5.2.0

MISC - http://packetstormsecurity.com/files/129940/CMS-b2evolution-5.2.0-Cross-Site-Scripting.html

CONFIRM - http://b2evolution.net/downloads/5-2-1-stable


Last Updated: 27 May 2016 11:07:34