CVE-2017-20057 – elefant/cms

Package

Manager: composer
Name: elefant/cms
Vulnerable Version: >=0 <1.3.13

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00228 pctl0.45451

Details

Cross site scripting in Elefant CMS A vulnerability classified as problematic has been found in Elefant CMS 1.3.12-RC. Affected is an unknown function. The manipulation of the argument username leads to basic cross site scripting (Persistent). It is possible to launch the attack remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.

Metadata

Created: 2022-06-21T00:00:48Z
Modified: 2022-06-29T22:42:02Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-xwj7-29j7-rw76/GHSA-xwj7-29j7-rw76.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-xwj7-29j7-rw76
Finding: F425
Auto approve: 1