CVE-2017-20058

Опубликовано: 20 июн. 2022

Источник: nvd

CVSS3: 4.3

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

A vulnerability classified as problematic was found in Elefant CMS 1.3.12-RC. Affected by this vulnerability is an unknown functionality of the component Version Comparison. The manipulation leads to basic cross site scripting (Persistent). The attack can be launched remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.

Ссылки

http://seclists.org/fulldisclosure/2017/Feb/36
Exploit
Mailing List
Third Party Advisory
https://vuldb.com/?id.97255
Third Party Advisory
http://seclists.org/fulldisclosure/2017/Feb/36
Exploit
Mailing List
Third Party Advisory
https://vuldb.com/?id.97255
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:elefantcms:elefantcms:1.3.12:rc:*:*:*:*:*:*

EPSS

Процентиль: 47%

0.0024

Низкий

4.3 Medium

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-80

CWE-79

Связанные уязвимости

GHSA-5hfm-g799-wjw6

CVSS3: 6.1

github

больше 3 лет назад

Cross site scripting in Elefant CMS

EPSS

Процентиль: 47%

0.0024

Низкий

4.3 Medium

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-80

CWE-79