CVE-2017-20057

MEDIUM6.1EPSS 0.24%

Cross site scripting in Elefant CMS

發布日:2022/6/21修改日:2023/11/8

描述

A vulnerability classified as problematic has been found in Elefant CMS 1.3.12-RC. Affected is an unknown function. The manipulation of the argument username leads to basic cross site scripting (Persistent). It is possible to launch the attack remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.

受影響套件(1)

Packagist/elefant/cmsfrom 0, < 1.3.13

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-20057
PATCHhttps://github.com/jbroadway/elefant
WEBhttp://seclists.org/fulldisclosure/2017/Feb/36
WEBhttps://vuldb.com/?id.97254