Elefant CMS Multiple XSS Vulnerabilities
Moderate severity
GitHub Reviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Jan 12, 2024
Package
Affected versions
>= 1.0, < 1.0.2-Beta
>= 1.1, < 1.1.5-Beta
Patched versions
1.0.2-Beta
1.1.5-Beta
Description
Published by the National Vulnerability Database
Aug 26, 2012
Published to the GitHub Advisory Database
May 17, 2022
Reviewed
Jan 12, 2024
Last updated
Jan 12, 2024
Multiple cross-site scripting (XSS) vulnerabilities in
apps/admin/handlers/preview.php
in Elefant CMS 1.0.x before 1.0.2-Beta and 1.1.x before 1.1.5-Beta allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body parameter to admin/preview.References