CVE-2017-20058

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-20058

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-20058.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-20058

Aliases

GHSA-5hfm-g799-wjw6

Published

2022-06-20T05:15:07.530Z

Modified

2026-04-10T03:59:04.992622Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability classified as problematic was found in Elefant CMS 1.3.12-RC. Affected by this vulnerability is an unknown functionality of the component Version Comparison. The manipulation leads to basic cross site scripting (Persistent). The attack can be launched remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.

References

Affected packages

Git / github.com/jbroadway/elefant

Affected ranges

Type

GIT

Repo

https://github.com/jbroadway/elefant

Events

Introduced

Last affected

bbe9f999990dc0fbe69997c935e5a7fa96e73b31

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.12-rc"
        }
    ]
}

Affected versions

Other

elefant_0_9_0_alpha

elefant_0_9_13_rc

elefant_0_9_1_alpha

elefant_0_9_2_beta

elefant_0_9_3_beta

elefant_0_9_4_beta

elefant_0_9_5_beta

elefant_0_9_6_beta

elefant_0_9_7_beta

elefant_0_9_8_beta

elefant_0_9_9_beta

elefant_1_1_0_beta

elefant_1_1_1_beta

elefant_1_1_3_beta

elefant_1_3_0_beta

elefant_1_3_10_beta

elefant_1_3_12_rc

elefant_1_3_1_beta

elefant_1_3_3_beta

elefant_1_3_4_beta

elefant_1_3_5_beta

elefant_1_3_6_beta

elefant_1_3_7_beta

elefant_1_3_8_beta

elefant_1_3_9_beta

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-20058.json"