Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1oZ205LXB3dzItOTNwY84AAs4p
Cross site scripting in Elefant CMS
A vulnerability has been found in Elefant CMS 1.3.12-RC and classified as problematic. It affects unknown code in the file /admin/extended. Manipulating the argument name with the input %3Cimg%20src=no%20onerror=alert(1)%3E leads to reflected cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.13 addresses this issue. It is recommended to upgrade the affected component.
Permalink: https://github.com/advisories/GHSA-hgm9-pww2-93pc
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oZ205LXB3dzItOTNwY84AAs4p
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: almost 2 years ago
CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS Percentage: 0.0005
EPSS Percentile: 0.20528
Identifiers: GHSA-hgm9-pww2-93pc, CVE-2017-20061
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-20061
- https://vuldb.com/?id.97258
- http://seclists.org/fulldisclosure/2017/Feb/36
- https://github.com/advisories/GHSA-hgm9-pww2-93pc
Affected Packages
packagist:elefant/cms
Dependent packages: 0
Dependent repositories: 4
Downloads: 873 total
Affected Version Ranges: < 1.3.13
Fixed in: 1.3.13
All affected versions:
All unaffected versions: