CVE-2017-20058

MEDIUM6.1EPSS 0.24%

Cross site scripting in Elefant CMS

發布日:2022/6/21修改日:2023/11/8

描述

A vulnerability classified as problematic was found in Elefant CMS 1.3.12-RC. Affected by this vulnerability is an unknown functionality of the component Version Comparison. The manipulation leads to basic cross site scripting (Persistent). The attack can be launched remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.

受影響套件(1)

Packagist/elefant/cmsfrom 0, < 1.3.13

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-20058
PATCHhttps://github.com/jbroadway/elefant
WEBhttp://seclists.org/fulldisclosure/2017/Feb/36
WEBhttps://vuldb.com/?id.97255