CVE-2017-20060

A vulnerability, which was classified as problematic, was found in Elefant CMS 1.3.12-RC. This affects an unknown part of the component Blog Post Handler. The manipulation leads to basic cross site scripting (Persistent). It is possible to initiate the attack remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.

Published: Jun 20, 2022
Updated: May 9, 2024
CVE: CVE-2017-20060
GHSA: GHSA-4453-g295-24mh
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
elefantcms / elefant_cms	1.3.12-rc	1.3.12-rc.x
elefant / cms	-	1.3.13

http://seclists.org/fulldisclosure/2017/Feb/36
https://vuldb.com/?id.97257

Vulnerability Database

CVE-2017-20060