Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1oZ205LXB3dzItOTNwY84AAs4p

Cross site scripting in Elefant CMS

A vulnerability was found in Elefant CMS 1.3.12-RC and classified as problematic. It affects unknown code in the file /admin/extended. Manipulating the argument name with the input %3Cimg%20src=no%20onerror=alert(1)%3E leads to basic reflected cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.13 addresses this issue, and upgrading the affected component is recommended.

Permalink: https://github.com/advisories/GHSA-hgm9-pww2-93pc
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oZ205LXB3dzItOTNwY84AAs4p
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: almost 2 years ago


CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS Percentage: 0.0005
EPSS Percentile: 0.20528

Identifiers: GHSA-hgm9-pww2-93pc, CVE-2017-20061
References:
Blast Radius: 3.3

Affected Packages

packagist:elefant/cms
Dependent packages: 0
Dependent repositories: 4
Downloads: 873 total
Affected Version Ranges: < 1.3.13
Fixed in: 1.3.13
All affected versions:
All unaffected versions: