CVE-2019-17550

Name of the Vulnerable Software and Affected Versions Blog2Social plugin versions prior to 5.9.0

Description The issue allows an attacker to execute arbitrary HTML and JavaScript code via the b2s id parameter. This occurs in the views/b2s/post.calendar.php component when the Administrator is logged in, and a reflected attack may execute upon a click on a malicious URL.

Recommendations For versions prior to 5.9.0, update to version 5.9.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the views/b2s/post.calendar.php component and avoiding use of the b2s id parameter until the update is applied.