CVE-2017-20058

A vulnerability classified as problematic was found in Elefant CMS 1.3.12-RC. Affected by this vulnerability is an unknown functionality of the component Version Comparison. The manipulation leads to basic cross site scripting (Persistent). The attack can be launched remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.

Published: Jun 20, 2022
Updated: May 9, 2024
CVE: CVE-2017-20058
GHSA: GHSA-5hfm-g799-wjw6
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
elefantcms / elefantcms	1.3.12-rc	1.3.12-rc.x
elefant / cms	-	1.3.13

http://seclists.org/fulldisclosure/2017/Feb/36
https://vuldb.com/?id.97255

Vulnerability Database

CVE-2017-20058