Miggo Logo
Miggo Vulnerability Database
CVE-2017-15686

CVE-2017-15686: Cross-site scripting in Crafter CMS Crafter Studio

6.1

CVSS Score
3.1

Basic Information

CVE ID
CVE-2017-15686
GHSA ID
GHSA-ph76-rhqq-xj7j
EPSS Score
0.54997%
CWE
CWE-79
Published
2/9/2022
Updated
2/1/2023
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.craftercms:crafter-studiomaven<= 3.0.13.0.2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

While no explicit patch details are provided, the XSS nature (CWE-79) and affected component (Crafter Studio UI) suggest vulnerabilities in content rendering paths. The highest confidence targets are:

  1. Dashboard controllers handling site/content display
  2. Content service methods returning raw user data These would appear in profilers when processing malicious payloads during content rendering operations. The medium confidence reflects educated guessing based on typical Java CMS patterns rather than explicit patch evidence.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*r**t*r *MS *r**t*r Stu*io *.*.* is *****t** *y: *ross Sit* S*riptin* (XSS), w*i** *llows r*mot* *tt**k*rs to st**l us*rs’ *ooki*s.

Reasoning

W*il* no *xpli*it p*t** **t*ils *r* provi***, t** XSS n*tur* (*W*-**) *n* *****t** *ompon*nt (*r**t*r Stu*io UI) su***st vuln*r**iliti*s in *ont*nt r*n**rin* p*t*s. T** *i***st *on*i**n** t*r**ts *r*: *. **s**o*r* *ontroll*rs **n*lin* sit*/*ont*nt *i