exploitDog

CVE-2017-8085

Опубликовано: 24 апр. 2017

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php.

Ссылки

http://www.exponentcms.org/news/patch-5-released-for-v2-4-1-to-fix-a-few-critical-issues
Patch
Vendor Advisory
http://www.securityfocus.com/bid/98043
https://github.com/exponentcms/exponent-cms/commit/0b2241ff1c7d86376fa260c5d4c1714f6cef9c0f
Patch
https://github.com/exponentcms/exponent-cms/releases/tag/v2.4.1patch5
Patch
Vendor Advisory
http://www.exponentcms.org/news/patch-5-released-for-v2-4-1-to-fix-a-few-critical-issues
Patch
Vendor Advisory
http://www.securityfocus.com/bid/98043
https://github.com/exponentcms/exponent-cms/commit/0b2241ff1c7d86376fa260c5d4c1714f6cef9c0f
Patch
https://github.com/exponentcms/exponent-cms/releases/tag/v2.4.1patch5
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:exponentcms:exponent_cms:*:p4:*:*:*:*:*:*

Версия до 2.4.0 (включая)

EPSS

Процентиль: 58%

0.00368

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-vx85-wf69-x8rp

CVSS3: 6.1

github

больше 3 лет назад

In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php.

EPSS

Процентиль: 58%

0.00368

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79