Vulnerability Description
Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function.
CVSS Score
6.1
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| B2Evolution | B2Evolution | <= 6.7.5 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2016/09/12/1Mailing ListPatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2016/09/15/4Mailing ListPatchThird Party Advisory
- http://www.securityfocus.com/bid/92967Third Party AdvisoryVDB Entry
- https://github.com/b2evolution/b2evolution/commit/9a4ab85439d1b838ee7b8eeebbf591Issue TrackingPatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2016/09/12/1Mailing ListPatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2016/09/15/4Mailing ListPatchThird Party Advisory
- http://www.securityfocus.com/bid/92967Third Party AdvisoryVDB Entry
- https://github.com/b2evolution/b2evolution/commit/9a4ab85439d1b838ee7b8eeebbf591Issue TrackingPatchThird Party Advisory
FAQ
What is CVE-2016-7149?
CVE-2016-7149 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function.
How severe is CVE-2016-7149?
CVE-2016-7149 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-7149?
Check the references section above for vendor advisories and patch information. Affected products include: B2Evolution B2Evolution.