
CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 Jun 2022 — A vulnerability classified as problematic was found in Elefant CMS 1.3.12-RC. It affects an unknown functionality of the Version Comparison component. The manipulation leads to basic cross-site scripting (persistent). The attack can be launched remotely. Upgrading to version 1.3.13 addresses this issue. • http://seclists.org/fulldisclosure/2017/Feb/36 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

03 Sep 2018 — An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF vulnerability that can add an account via user/add. • https://github.com/jbroadway/elefant/issues/285 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Aug 2018 — apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the "Cannot upload executable files" protection mechanism. • https://github.com/jbroadway/elefant/commit/afb3346e50b992bcba143660ca2149e563430e05 • CWE-20: Improper Input Validation

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

24 Jan 2013 — Cross-site scripting (XSS) vulnerability in apps/admin/handlers/versions.php in Elefant CMS 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter to admin/versions. • http://packetstormsecurity.org/files/115253/Elefant-CMS-1.2.0-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 5 • EXPL: 0

26 Aug 2012 — Multiple cross-site scripting (XSS) vulnerabilities in apps/admin/handlers/preview.php in Elefant CMS 1.0.x before 1.0.2-Beta and 1.1.x before 1.1.5-Beta allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body parameter to admin/preview. • http://secunia.com/advisories/48118 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')