A vulnerability classified as problematic was found in Elefant CMS 1.3.12-RC. It affects an unknown functionality of the component Version Comparison. Manipulation leads to basic cross-site scripting (persistent). The CWE definition for the vulnerability is CWE-80. The weakness was published on 02/16/2017 by Tim Coen with Curesec Research Team as "Elefant CMS 1.3.12-RC: Multiple Persistent and Reflected XSS" in a mailing list post (Full-Disclosure). The advisory can be read at seclists.org. This vulnerability is known as CVE-2017-20058.

The attack can be launched remotely. There are no technical details available. There is no exploit available. The price for an exploit might currently be around USD $0-$5k. According to MITRE ATT&CK, the attack technique used by this issue is T1059.007. It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 283 days. We expect the 0-day to have been worth approximately $0-$5k.

Upgrading to version 1.3.13 addresses this issue. It is recommended to upgrade the affected component. A possible mitigation was published before the disclosure of the vulnerability, not just after it.