CVE-2017-20057

Опубликовано: 20 июн. 2022

Источник: nvd

CVSS3: 4.3

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

A vulnerability classified as problematic has been found in Elefant CMS 1.3.12-RC. Affected is an unknown function. The manipulation of the argument username leads to basic cross site scripting (Persistent). It is possible to launch the attack remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.

Ссылки

http://seclists.org/fulldisclosure/2017/Feb/36
Mailing List
Third Party Advisory
https://vuldb.com/?id.97254
Third Party Advisory
http://seclists.org/fulldisclosure/2017/Feb/36
Mailing List
Third Party Advisory
https://vuldb.com/?id.97254
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:elefantcms:elefant_cms:1.3.12:rc:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00228

Низкий

4.3 Medium

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-80

CWE-79

Связанные уязвимости

GHSA-xwj7-29j7-rw76

CVSS3: 6.1

github

около 3 лет назад

Cross site scripting in Elefant CMS

EPSS

Процентиль: 45%

0.00228

Низкий

4.3 Medium

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-80

CWE-79