CVE-2017-20059 in Elefantinfo

Summary

by MITRE • 06/20/2022

A vulnerability, which was classified as problematic, has been found in Elefant CMS 1.3.12-RC. Affected by this issue is some unknown functionality of the component Title Handler. The manipulation with the input </title><img src=no onerror=alert(1)> leads to basic cross site scripting (Persistent). The attack may be launched remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsible

VulDB

Disclosure

06/20/2022

Moderation

accepted

Entry

VDB-97256

CPE

ready

CWE

CWE-80 (confirmed)

CVSS

3.5 (VulDB)

EPSS

0.00433

KEV

Activities

very low

Sector

Hostingprovider, Agriculture, ...

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-20059
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-20059
CVE Details	https://www.cvedetails.com/cve/CVE-2017-20059/

◂ Previous Overview Next ▸

Want to know what is going to be exploited?

We predict KEV entries!