Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2017-5494
Deferred
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-15 Jan, 2017 | 22:59
Updated At-20 Apr, 2025 | 01:37

Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (1) comment frame or (2) avatar frame.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.05.4MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary2.03.5LOW
AV:N/AC:M/Au:S/C:N/I:P/A:N
CPE Matches
b2evolution
b2evolution
>>b2evolution>>Versions up to 6.8.3(inclusive)
cpe:2.3:a:b2evolution:b2evolution:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/95452cve@mitre.org
Third Party Advisory
VDB Entry
https://github.com/b2evolution/b2evolution/commit/261dbd5b294e707af766691e65a177a290314a6ecve@mitre.org
Issue Tracking
Patch
Third Party Advisory
https://github.com/b2evolution/b2evolution/issues/34cve@mitre.org
Issue Tracking
Patch
Third Party Advisory
http://www.securityfocus.com/bid/95452af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://github.com/b2evolution/b2evolution/commit/261dbd5b294e707af766691e65a177a290314a6eaf854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Patch
Third Party Advisory
https://github.com/b2evolution/b2evolution/issues/34af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Patch
Third Party Advisory
Change History
0Changes found
Details not found