Elefant CMS 1.3.12-RC Version Comparison Persistent cross site scripting

EntryHistoryDiffjsonxmlCTI

A vulnerability classified as problematic was found in Elefant CMS 1.3.12-RC. Affected by this vulnerability is an unknown functionality of the component Version Comparison. The manipulation leads to basic cross site scripting (Persistent). The CWE definition for the vulnerability is CWE-80. The weakness was published 02/16/2017 by Tim Coen with Curesec Research Team as Elefant CMS 1.3.12-RC: Multiple Persistent and Reflected XSS as Mailinglist Post (Full-Disclosure). It is possible to read the advisory at seclists.org. This vulnerability is known as CVE-2017-20058. The attack can be launched remotely. There are no technical details available. There is no exploit available. The pricing for an exploit might be around USD $0-$5k at the moment. The attack technique deployed by this issue is T1059.007 according to MITRE ATT&CK. It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 283 days. We expect the 0-day to have been worth approximately $0-$5k. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component. A possible mitigation has been published before and not just after the disclosure of the vulnerability.

Field	02/24/2017 15:42	08/17/2020 09:26	06/18/2022 16:18
vendor	Elefant	Elefant	Elefant
name	CMS	CMS	CMS
version	1.3.12-RC	1.3.12-RC	1.3.12-RC
component	Version Comparison	Version Comparison	Version Comparison
vendorinformdate	1462752000	1462752000	1462752000
risk	1	1	1
cvss2_vuldb_basescore	5.0	5.0	5.0
cvss2_vuldb_tempscore	3.9	3.9	3.9
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	N	N	N
cvss2_researcher_av	N	N	N
cvss2_researcher_ac	L	L	L
cvss2_researcher_au	N	N	N
cvss2_researcher_ci	N	N	N
cvss2_researcher_ii	P	P	P
cvss2_researcher_ai	N	N	N
cvss3_meta_basescore	4.3	4.3	4.3
cvss3_meta_tempscore	3.8	3.8	3.8
cvss3_vuldb_basescore	4.3	4.3	4.3
cvss3_vuldb_tempscore	3.8	3.8	3.8
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	N	N	N
titleword	Persistent	Persistent	Persistent
date	1487203200 (02/16/2017)	1487203200 (02/16/2017)	1487203200 (02/16/2017)
location	Full-Disclosure	Full-Disclosure	Full-Disclosure
type	Mailinglist Post	Mailinglist Post	Mailinglist Post
url	http://seclists.org/fulldisclosure/2017/Feb/36	http://seclists.org/fulldisclosure/2017/Feb/36	http://seclists.org/fulldisclosure/2017/Feb/36
identifier	Elefant CMS 1.3.12-RC: Multiple Persistent and Reflected XSS	Elefant CMS 1.3.12-RC: Multiple Persistent and Reflected XSS	Elefant CMS 1.3.12-RC: Multiple Persistent and Reflected XSS
person_name	Tim Coen	Tim Coen	Tim Coen
company_name	Curesec Research Team	Curesec Research Team	Curesec Research Team
price_0day	$0-$5k	$0-$5k	$0-$5k
name	Upgrade	Upgrade	Upgrade
upgrade_version	1.3.13	1.3.13	1.3.13
seealso	97254 97256 97257 97258	97254 97256 97257 97258	97254 97256 97257 97258
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_rc	UC	UC	UC
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	U	U	U
0day_days	283	283	283
type		Content Management System	Content Management System
cwe	0	80 (cross site scripting)	80 (cross site scripting)
cve			CVE-2017-20058
responsible			VulDB
cvss2_researcher_basescore			5.0

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!