CVE-2016-7150

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2016-7150

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-7150.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-7150

Published

2017-01-18T17:59:00.623Z

Modified

2026-05-17T11:54:31.340493307Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the site name.

References

http://www.securityfocus.com/bid/92967
http://www.openwall.com/lists/oss-security/2016/09/12/1
http://www.openwall.com/lists/oss-security/2016/09/15/4
https://github.com/b2evolution/b2evolution/commit/dd975fff7fce81bf12f9c59edb1a99475747c83c

CVE-2016-7150

Affected packages