CVE-2017-20058 - Vulnerability Details - OpenCVE

A vulnerability classified as problematic was found in Elefant CMS 1.3.12-RC. Affected by this vulnerability is an unknown functionality of the component Version Comparison. The manipulation leads to basic cross site scripting (Persistent). The attack can be launched remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Elefantcms	Elefantcms

Configuration 1 [-]

cpe:2.3:a:elefantcms:elefantcms:1.3.12:rc:*:*:*:*:*:*

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2017/Feb/36
https://vuldb.com/?id.97255

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2022-06-20T04:50:27

Updated: 2024-08-05T21:45:25.205Z

Reserved: 2022-06-18T00:00:00

Link: CVE-2017-20058

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-06-20T05:15:07.530

Modified: 2024-11-21T03:22:32.520

Link: CVE-2017-20058

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "CMS", "vendor": "Elefant", "versions": [{"status": "affected", "version": "1.3.12-RC"}]}], "credits": [{"lang": "en", "value": "Tim Coen"}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in Elefant CMS 1.3.12-RC. Affected by this vulnerability is an unknown functionality of the component Version Comparison. The manipulation leads to basic cross site scripting (Persistent). The attack can be launched remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-80", "description": "CWE-80 Basic Cross Site Scripting", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-20T04:50:26", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://seclists.org/fulldisclosure/2017/Feb/36"}, {"tags": ["x_refsource_MISC"], "url": "https://vuldb.com/?id.97255"}], "title": "Elefant CMS Version Comparison Persistent cross site scriting", "x_generator": "vuldb.com", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@vuldb.com", "ID": "CVE-2017-20058", "REQUESTER": "cna@vuldb.com", "STATE": "PUBLIC", "TITLE": "Elefant CMS Version Comparison Persistent cross site scriting"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CMS", "version": {"version_data": [{"version_value": "1.3.12-RC"}]}}]}, "vendor_name": "Elefant"}]}}, "credit": "Tim Coen", "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability classified as problematic was found in Elefant CMS 1.3.12-RC. Affected by this vulnerability is an unknown functionality of the component Version Comparison. The manipulation leads to basic cross site scripting (Persistent). The attack can be launched remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component."}]}, "generator": "vuldb.com", "impact": {"cvss": {"baseScore": "4.3", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-80 Basic Cross Site Scripting"}]}]}, "references": {"reference_data": [{"name": "http://seclists.org/fulldisclosure/2017/Feb/36", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2017/Feb/36"}, {"name": "https://vuldb.com/?id.97255", "refsource": "MISC", "url": "https://vuldb.com/?id.97255"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T21:45:25.205Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2017/Feb/36"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://vuldb.com/?id.97255"}]}]}, "cveMetadata": {"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2017-20058", "datePublished": "2022-06-20T04:50:27", "dateReserved": "2022-06-18T00:00:00", "dateUpdated": "2024-08-05T21:45:25.205Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elefantcms:elefantcms:1.3.12:rc:*:*:*:*:*:*", "matchCriteriaId": "5EB8A996-8507-40B4-96B3-91D6678AB372", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in Elefant CMS 1.3.12-RC. Affected by this vulnerability is an unknown functionality of the component Version Comparison. The manipulation leads to basic cross site scripting (Persistent). The attack can be launched remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en Elefant CMS versi\u00f3n 1.3.12-RC. Esta vulnerabilidad afecta a una funcionalidad desconocida del componente Version Comparison. La manipulaci\u00f3n conlleva a un ataque de tipo cross site scripting b\u00e1sico (persistente). El ataque puede ser lanzado remotamente. La actualizaci\u00f3n a versi\u00f3n 1.3.13 puede abordar este problema. Es recomendado actualizar el componente afectado"}], "id": "CVE-2017-20058", "lastModified": "2024-11-21T03:22:32.520", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-20T05:15:07.530", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2017/Feb/36"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.97255"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2017/Feb/36"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.97255"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-80"}], "source": "cna@vuldb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}