
CVE-2017-20060: Cross site scripting in Elefant CMS

CVSS Score: 5.4 (CVSS 3.1)

Basic Information

EPSS Score: 0.41918%
Published: 6/21/2022
Updated: 1/27/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Package Name: elefant/cms
Ecosystem: composer
Vulnerable Versions: < 1.3.13
First Patched Version: 1.3.13

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from unescaped output of user-controlled data (blog post titles/tags) in the Blog Post Handler. The Full Disclosure PoC explicitly shows that malicious titles/tags are stored and rendered in multiple contexts (e.g., <title>, <h1>, href attributes). Functions handling persistence (save()) and rendering (render()) are the most likely candidates. While exact code isn't available, Elefant's MVC structure and the component's description strongly suggest these functions are involved in the insecure handling of user input.
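
The following is an added example, not code from Elefant CMS or from the original advisory. It shows the general pattern described above: a stored title and tag rendered unescaped into <title>, <h1> and href, next to a version that escapes each value for its output context. All function names, the /blog/tag/ route and the sample record are hypothetical.

```php
<?php
declare(strict_types=1);

// Escape for HTML text nodes and quoted attribute values.
function esc_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Build a tag link: percent-encode the value as a path segment,
// then HTML-escape the whole URL for the attribute context.
function tag_href(string $tag): string
{
    return esc_html('/blog/tag/' . rawurlencode($tag)); // hypothetical route
}

// "Before": values interpolated exactly as stored (the pattern the analysis describes).
function render_unescaped(array $post): string
{
    $out = "<title>{$post['title']}</title>\n<h1>{$post['title']}</h1>\n";
    foreach ($post['tags'] as $tag) {
        $out .= "<a href=\"/blog/tag/{$tag}\">{$tag}</a>\n";
    }
    return $out;
}

// "After": every value escaped for the context it lands in.
function render_escaped(array $post): string
{
    $title = esc_html($post['title']);
    $out = "<title>{$title}</title>\n<h1>{$title}</h1>\n";
    foreach ($post['tags'] as $tag) {
        $out .= '<a href="' . tag_href($tag) . '">' . esc_html($tag) . "</a>\n";
    }
    return $out;
}

// Constructed sample record; the markup characters stand in for untrusted input.
$post = [
    'title' => 'Q3 </title><b>update</b>',
    'tags'  => ['php" data-x="1', 'release notes'],
];

echo "--- unescaped ---\n", render_unescaped($post);
echo "--- escaped ---\n", render_escaped($post);
```

In the unescaped output the title closes the <title> element early and the first tag adds an attribute to the link; in the escaped output both values appear as inert text.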
