Date: Tue, 13 Jan 2015 19:02:53 +0100
From: Steffen Rösemann <>
Subject: CVE-Request -- CMS b2evolution v.5.2.0 -- Reflecting XSS vulnerability in filemanager functionality

Hi Josh, Steve, vendors, list.

I found a reflecting XSS vulnerability in CMS b2evolution v.5.2.0
(release-date: 30th Dec 2014). It is located in its filemanager
functionality, which can be accessed in the administrative backend by the
following URL (assuming a common b2evolution installation):


The "fm_filter" parameter is vulnerable to XSS attacks and can be exploited
by an attacker like in the following example:


Could you please assign a CVE-ID for it?

Thank you very much!


Steffen Rösemann
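As an added illustration, not code from this report or from b2evolution: a hypothetical PHP rendering of the filemanager's filter field, first echoing the fm_filter value into the page unescaped (the pattern behind a reflected XSS) and then encoding it for the HTML attribute context. Function names, markup and the sample value are assumptions.

```php
<?php
// Added example (not b2evolution's code): the filemanager filter form
// reflects the user-supplied "fm_filter" query parameter back into the page.
// Function names and markup are hypothetical.

// Vulnerable pattern: the raw parameter is concatenated into an attribute,
// so a quote or a tag in it becomes part of the page's markup.
function render_filter_form_vulnerable(string $fm_filter): string
{
    return '<input type="text" name="fm_filter" value="' . $fm_filter . '">';
}

// Hardened pattern: encode for the attribute context before output.
// ENT_QUOTES escapes both " and ', so the value cannot close the attribute;
// < and > are encoded as well, so no tag survives in the output.
function render_filter_form_hardened(string $fm_filter): string
{
    $safe = htmlspecialchars($fm_filter, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="fm_filter" value="' . $safe . '">';
}

// Constructed sample input: a filter value carrying an attribute-closing
// quote and a harmless tag, the shape a reflected XSS report describes.
$sample = '*.jpg"><b>x</b>';

$unsafe = render_filter_form_vulnerable($sample);
$safe   = render_filter_form_hardened($sample);

// The vulnerable output contains the raw tag; the hardened output does not,
// and the quote that would have closed the attribute is now &quot;.
assert(strpos($unsafe, '<b>x</b>') !== false);
assert(strpos($safe, '<b>') === false);
assert(strpos($safe, 'value="*.jpg&quot;&gt;&lt;b&gt;x&lt;/b&gt;"') !== false);

echo "vulnerable: ", $unsafe, PHP_EOL;
echo "hardened:   ", $safe, PHP_EOL;
```

The same encoding step has to be applied at every point where fm_filter is written into the response (the input field, any "current filter" label, and any link that carries it), since one unescaped sink is enough.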


