5.4

CVSS Score

3.1

Basic Information

CVE ID

CVE-2017-20061

GHSA ID

GHSA-hgm9-pww2-93pc

EPSS Score

0.40736%

CWE

CWE-79

Published

6/21/2022

Updated

1/27/2023

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2017-20061

CVE-2017-20061: Cross site scripting in Elefant CMS

A vulnerability has been found in Elefant CMS 1.3.12-RC and classified as problematic. This vulnerability affects unknown code of the file /admin/extended. The manipulation of the argument name with the input %3Cimg%20src=no%20onerror=alert(1)%3E leads to basic cross site scripting (Reflected). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.

(GitHub Advisory)

5.4

CVSS Score

3.1

Basic Information

CVE ID

CVE-2017-20061

GHSA ID

GHSA-hgm9-pww2-93pc

EPSS Score

0.40736%

CWE

CWE-79

Published

6/21/2022

Updated

1/27/2023

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
elefant/cms	composer	< 1.3.13	1.3.13

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability manifests in the /admin/extended endpoint's handling of the 'name' parameter. The PoC shows a direct injection via URL parameters (%3Cimg... payload), indicating the input is reflected unsanitized. In Elefant CMS's MVC structure, this would correspond to a handler method (like Extended::index) responsible for processing the request. The lack of output encoding for the 'name' parameter before rendering it in the admin interface is the root cause. While the exact function name isn't explicitly disclosed, the endpoint and parameter correlation strongly implicate the request handler for this route.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* vuln*r**ility **s ***n *oun* in *l***nt *MS *.*.**-R* *n* *l*ssi*i** *s pro*l*m*ti*. T*is vuln*r**ility *****ts unknown *o** o* t** *il* /**min/*xt*n***. T** m*nipul*tion o* t** *r*um*nt n*m* wit* t** input %**im*%**sr*=no%**on*rror=*l*rt(*)%** l**

Reasoning

T** vuln*r**ility m*ni**sts in t** /**min/*xt*n*** *n*point's **n*lin* o* t** 'n*m*' p*r*m*t*r. T** Po* s*ows * *ir**t inj**tion vi* URL p*r*m*t*rs (%**im*... p*ylo**), in*i**tin* t** input is r**l**t** uns*nitiz**. In *l***nt *MS's MV* stru*tur*, t*

5.4

Basic Information

Concerned about an active attack path?

CVE-2017-20061: Cross site scripting in Elefant CMS

5.4

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI