CVE-2017-20061 in Elefantinfo

Summary

by MITRE • 06/20/2022

A vulnerability has been found in Elefant CMS 1.3.12-RC and classified as problematic. This vulnerability affects unknown code of the file /admin/extended. The manipulation of the argument name with the input %3Cimg%20src=no%20onerror=alert(1)%3E leads to basic cross site scripting (Reflected). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsible

VulDB

Disclosure

06/20/2022

Moderation

accepted

Entry

VDB-97258

CPE

ready

CWE

CWE-80 (confirmed)

Exploit

Download

CVSS

4.3 (VulDB)

EPSS

0.00195

KEV

Activities

very low

Sector

Lawfirm, Agriculture, ...

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-20061
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-20061
CVE Details	https://www.cvedetails.com/cve/CVE-2017-20061/

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!