B2evolution » B2evolution : Security Vulnerabilities, CVEs, Published In November 2012
Cross-site scripting (XSS) vulnerability in blogs/blog1.php in b2evolution 4.1.3 allows remote attackers to inject arbitrary web script or HTML via the message body.
Max CVSS
4.3
EPSS Score
0.29%
Published
2012-11-17
Updated
2017-08-29
SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via the root parameter.
Max CVSS
6.5
EPSS Score
0.26%
Published
2012-11-17
Updated
2017-08-29
2 vulnerabilities found