
CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 Jun 2022 — A vulnerability classified as problematic was found in Elefant CMS 1.3.12-RC. Affected by this vulnerability is an unknown functionality of the component Version Comparison. The manipulation leads to basic cross site scripting (Persistent). The attack can be launched remotely. Upgrading to version 1.3.13 is able to address this issue. • http://seclists.org/fulldisclosure/2017/Feb/36 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

03 Sep 2018 — An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF vulnerability that can add an account via user/add. • https://github.com/jbroadway/elefant/issues/285 • CWE-352: Cross-Site Request Forgery (CSRF)