Vulnerability Details CVE-2020-22841
Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.4%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5
References
- http://packetstormsecurity.com/files/161363/b2evolution-CMS-6.11.6-Cross-Site-Scripting.html
- https://github.com/b2evolution/b2evolution/issues/102
- https://www.exploit-db.com/exploits/49551
- http://packetstormsecurity.com/files/161363/b2evolution-CMS-6.11.6-Cross-Site-Scripting.html
- https://github.com/b2evolution/b2evolution/issues/102
- https://www.exploit-db.com/exploits/49551
Products affected by CVE-2020-22841
-
cpe:2.3:a:b2evolution:b2evolution:4.1.0
-
cpe:2.3:a:b2evolution:b2evolution:4.1.1
-
cpe:2.3:a:b2evolution:b2evolution:4.1.2
-
cpe:2.3:a:b2evolution:b2evolution:4.1.3
-
cpe:2.3:a:b2evolution:b2evolution:4.1.4
-
cpe:2.3:a:b2evolution:b2evolution:4.1.5
-
cpe:2.3:a:b2evolution:b2evolution:4.1.6
-
cpe:2.3:a:b2evolution:b2evolution:4.1.7
-
cpe:2.3:a:b2evolution:b2evolution:5.1.2
-
cpe:2.3:a:b2evolution:b2evolution:5.2.0
-
cpe:2.3:a:b2evolution:b2evolution:5.2.1
-
cpe:2.3:a:b2evolution:b2evolution:5.2.2
-
cpe:2.3:a:b2evolution:b2evolution:6-9-4
-
cpe:2.3:a:b2evolution:b2evolution:6-9-5
-
cpe:2.3:a:b2evolution:b2evolution:6.0.0
-
cpe:2.3:a:b2evolution:b2evolution:6.1.2
-
cpe:2.3:a:b2evolution:b2evolution:6.4.2
-
cpe:2.3:a:b2evolution:b2evolution:6.4.3
-
cpe:2.3:a:b2evolution:b2evolution:6.4.4
-
cpe:2.3:a:b2evolution:b2evolution:6.5.0
-
cpe:2.3:a:b2evolution:b2evolution:6.6.0
-
cpe:2.3:a:b2evolution:b2evolution:6.6.1
-
cpe:2.3:a:b2evolution:b2evolution:6.6.10
-
cpe:2.3:a:b2evolution:b2evolution:6.6.2
-
cpe:2.3:a:b2evolution:b2evolution:6.6.3
-
cpe:2.3:a:b2evolution:b2evolution:6.6.4
-
cpe:2.3:a:b2evolution:b2evolution:6.6.5
-
cpe:2.3:a:b2evolution:b2evolution:6.6.6
-
cpe:2.3:a:b2evolution:b2evolution:6.6.7
-
cpe:2.3:a:b2evolution:b2evolution:6.6.8
-
cpe:2.3:a:b2evolution:b2evolution:6.6.9
-
cpe:2.3:a:b2evolution:b2evolution:6.7.0
-
cpe:2.3:a:b2evolution:b2evolution:6.7.1
-
cpe:2.3:a:b2evolution:b2evolution:6.7.10
-
cpe:2.3:a:b2evolution:b2evolution:6.7.11
-
cpe:2.3:a:b2evolution:b2evolution:6.7.2
-
cpe:2.3:a:b2evolution:b2evolution:6.7.3
-
cpe:2.3:a:b2evolution:b2evolution:6.7.4
-
cpe:2.3:a:b2evolution:b2evolution:6.7.5
-
cpe:2.3:a:b2evolution:b2evolution:6.7.6
-
cpe:2.3:a:b2evolution:b2evolution:6.7.7
-
cpe:2.3:a:b2evolution:b2evolution:6.7.8
-
cpe:2.3:a:b2evolution:b2evolution:6.7.9
-
cpe:2.3:a:b2evolution:b2evolution:6.8.0
-
cpe:2.3:a:b2evolution:b2evolution:6.8.1
-
cpe:2.3:a:b2evolution:b2evolution:6.8.10
-
cpe:2.3:a:b2evolution:b2evolution:6.8.11
-
cpe:2.3:a:b2evolution:b2evolution:6.8.2
-
cpe:2.3:a:b2evolution:b2evolution:6.8.3
-
cpe:2.3:a:b2evolution:b2evolution:6.8.4
-
cpe:2.3:a:b2evolution:b2evolution:6.8.5
-
cpe:2.3:a:b2evolution:b2evolution:6.8.6
-
cpe:2.3:a:b2evolution:b2evolution:6.8.7
-
cpe:2.3:a:b2evolution:b2evolution:6.8.8
-
cpe:2.3:a:b2evolution:b2evolution:6.8.9
-
cpe:2.3:a:b2evolution:b2evolution:6.9.0
-
cpe:2.3:a:b2evolution:b2evolution:6.9.1
-
cpe:2.3:a:b2evolution:b2evolution:6.9.2
-
cpe:2.3:a:b2evolution:b2evolution:6.9.3
-
cpe:2.3:a:b2evolution:b2evolution:6.9.4
-
cpe:2.3:a:b2evolution:b2evolution:6.9.5
-
cpe:2.3:a:b2evolution:b2evolution:6.9.6