Miggo Logo

CVE-2017-20057: Cross site scripting in Elefant CMS

6.1

CVSS Score
3.1

Basic Information

EPSS Score
0.45577%
Published
6/21/2022
Updated
1/27/2023
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
elefant/cmscomposer< 1.3.131.3.13

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from unsanitized username input handling and unescaped output in admin interfaces. Key evidence includes: 1) The PoC shows XSS triggers in user edit pages (/user/edit) and version comparisons (/admin/versions), implicating these handlers. 2) Persistent XSS requires both storage and unsafe rendering - User::save likely stores raw input while template rendering functions fail to escape it. 3) The CMS's admin interface structure suggests these are core user management components. While exact code isn't available, the attack pattern and Elefant's MVC architecture strongly indicate these functions as vulnerable points.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* vuln*r**ility *l*ssi*i** *s pro*l*m*ti* **s ***n *oun* in *l***nt *MS *.*.**-R*. *****t** is *n unknown *un*tion. T** m*nipul*tion o* t** *r*um*nt us*rn*m* l***s to **si* *ross sit* s*riptin* (P*rsist*nt). It is possi*l* to l*un** t** *tt**k r*mot*

Reasoning

T** vuln*r**ility st*ms *rom uns*nitiz** us*rn*m* input **n*lin* *n* un*s**p** output in **min int*r****s. K*y *vi**n** in*lu**s: *) T** Po* s*ows XSS tri***rs in us*r **it p***s (`/us*r/**it`) *n* v*rsion *omp*risons (`/**min/v*rsions`), impli**tin*