CVE-2017-20060

MEDIUM5.4EPSS 0.21%

Cross site scripting in Elefant CMS

發布日:2022/6/21修改日:2023/11/8

描述

A vulnerability, which was classified as problematic, was found in Elefant CMS 1.3.12-RC. This affects an unknown part of the component Blog Post Handler. The manipulation leads to basic cross site scripting (Persistent). It is possible to initiate the attack remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.

受影響套件(1)

Packagist/elefant/cmsfrom 0, < 1.3.13

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-20060
PATCHhttps://github.com/jbroadway/elefant
WEBhttp://seclists.org/fulldisclosure/2017/Feb/36
WEBhttps://vuldb.com/?id.97257