B2evolution v6.7.5 XSS vulns
Posted on 30 November -0001
<HTML><HEAD><TITLE>b2evolution v6.7.5 XSS vulns</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>I have found 2 XSS vulns in b2evolution v 6.7.5 Title: Stored XSS in b2evolution version 6.7.5 amd before Author: Chen Ruiqi, Chenruiqi () 360 cn, @Codesafe Team Download Site: http://b2evolution.net/downloads/ Vendor: b2evolution.net Vendor Notified: 2016-08-12 Vendor Contact: http://b2evolution.net/?disp=msgform -------------------------------------------------------------------------------------------------------- Discription: b2evolution is a content and community management system written in PHP and backed by a MySQL database. It is distributed as free software under the GNU General Public License. b2evolution originally started as a multi-user multi-blog engine when Fran?ois Planque forked b2evolution from version 0.6.1 of b2/cafelog in 2003.[2] A more widely known fork of b2/cafelog is WordPress. b2evolution is available in web host control panels as a "one click install" web app.[3](Wiki) ----------------------------------------------------------------------------------------------------------- Vulnerability: There is stored XSS in b2evolution version 6.7.5 Any user can post a forum with some evil code in it. Post a forum with some thing like [test_forum_xss](http://test.forum.xss"onmouseover="alert(1)"on="1 "test_forum_xss") ---------------------------------------------------------------------------------------------------------- Fix code: https://github.com/b2evolution/b2evolution/commit/9a4ab85439d1b838ee7b8eeebbf59174bb787811 ----------------------------------------------------------------------------------------------------------------- Vulnerability: There is stored XSS in b2evolution version 6.7.5 An authentic user can inject javascript code in the website header. Edit the "Short site name" at set_settings with something like test_short_name_xss" onmouseover=alert(1) on ------------------------------------------------------------------------------------------------------------------------ Fix code: https://github.com/b2evolution/b2evolution/commit/dd975fff7fce81bf12f9c59edb1a99475747c83c </BODY></HTML>
