CVE-2017-20059

Опубликовано: 20 июн. 2022

Источник: nvd

CVSS3: 3.5

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

A vulnerability, which was classified as problematic, has been found in Elefant CMS 1.3.12-RC. Affected by this issue is some unknown functionality of the component Title Handler. The manipulation with the input leads to basic cross site scripting (Persistent). The attack may be launched remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.

Ссылки

http://seclists.org/fulldisclosure/2017/Feb/36
Mailing List
Third Party Advisory
https://vuldb.com/?id.97256
Third Party Advisory
http://seclists.org/fulldisclosure/2017/Feb/36
Mailing List
Third Party Advisory
https://vuldb.com/?id.97256
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:elefantcms:elefant_cms:1.3.12:rc:*:*:*:*:*:*

EPSS

Процентиль: 43%

0.00206

Низкий

3.5 Low

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-80

CWE-79

Связанные уязвимости

GHSA-7f7g-8q3x-jpx9

CVSS3: 5.4

github

больше 3 лет назад

Cross site scripting in Elefant CMS

EPSS

Процентиль: 43%

0.00206

Низкий

3.5 Low

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-80

CWE-79