PT-2022-7934 · Unknown · Elefant Cms

Tim Coen

·

Published

2022-06-20

·

Updated

2022-06-28

·

CVE-2017-20061

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Elefant CMS version 1.3.12-RC
Description: A reflected cross-site scripting (XSS) vulnerability has been found in the software, affecting an unidentified part of the file /admin/extended. The name argument is written back into the response without output encoding, so a request that sets name to %3Cimg%20src=no%20onerror=alert(1)%3E (the URL-encoded form of <img src=no onerror=alert(1)>) causes the injected script to run in the browser of whoever loads the page. The attack can be initiated remotely; per the CVSS vector it requires a low-privileged account (PR:L) and a victim who follows a crafted link (UI:R). The exploit has been disclosed to the public and may be used.
Recommendations: For Elefant CMS version 1.3.12-RC, upgrade to version 1.3.13, which addresses this issue. Until the upgrade is applied, restrict access to /admin/extended, and treat any link to that file that carries a name argument as untrusted.
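The following is an added example, not Elefant CMS code and not part of this advisory. It shows how the probe quoted above is decoded, how an unfixed handler that echoes the name argument verbatim reflects it, how the same handler looks with HTML output encoding applied, and a small classifier that distinguishes the two responses. The two render functions are constructed stand-ins for the real /admin/extended handler; the URL path and the page text are assumptions.

```python
"""Reflected XSS probe for a page that echoes a query parameter into HTML.

Added example (not Elefant CMS source). The render functions below are
constructed stand-ins for the /admin/extended handler: one echoes the
`name` argument verbatim, the other HTML-escapes it before output.
"""
from html import escape
from urllib.parse import unquote, urlencode

# The encoded input quoted in the advisory, decoded to the markup it injects.
ENCODED_PROBE = "%3Cimg%20src=no%20onerror=alert(1)%3E"
PROBE = unquote(ENCODED_PROBE)  # '<img src=no onerror=alert(1)>'

# Assumed path of the affected file.
ADMIN_EXTENDED = "/admin/extended"


def render_vulnerable(name: str) -> str:
    """Constructed unfixed handler: the parameter lands in the HTML unchanged."""
    return f"<html><body><h1>Extended fields: {name}</h1></body></html>"


def render_fixed(name: str) -> str:
    """Same page with the parameter HTML-escaped before it reaches the output."""
    return f"<html><body><h1>Extended fields: {escape(name, quote=True)}</h1></body></html>"


def build_probe_url(name: str = PROBE, base: str = ADMIN_EXTENDED) -> str:
    """URL an attacker would send to the victim (urlencode uses '+' for spaces)."""
    return f"{base}?{urlencode({'name': name})}"


def reflects_unescaped(body: str, probe: str = PROBE) -> bool:
    """True when the probe appears in the response byte-for-byte as sent,
    i.e. the browser will parse it as an element rather than as text."""
    return probe in body


def classify(body: str, probe: str = PROBE) -> str:
    """Label a response: 'vulnerable', 'escaped', or 'not-reflected'."""
    if reflects_unescaped(body, probe):
        return "vulnerable"
    if escape(probe, quote=True) in body:
        return "escaped"
    return "not-reflected"


if __name__ == "__main__":
    print("probe URL:", build_probe_url())
    for label, render in (("unfixed", render_vulnerable), ("fixed", render_fixed)):
        body = render(PROBE)
        print(f"{label:8s} -> {classify(body)}")
```

Against a live instance the same classifier would be run over the body returned for the probe URL; a response that contains the probe unescaped is the condition the advisory describes, while an escaped reflection indicates the output encoding added in the fixed version.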

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2017-20061
GHSA-HGM9-PWW2-93PC

Affected Products

Elefant Cms