elefant/cms
Packagist13 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting elefant/cmspage 1 of 1
- CVE-2012-1296NONECVSS 0.0EG 0.0✓ Fixed in 1.1.5-Beta2012-08-26
Multiple cross-site scripting (XSS) vulnerabilities in apps/admin/handlers/preview.php in Elefant CMS 1.0.x before 1.0.2-Beta and 1.1.x before 1.1.5-Beta allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2…
- CVE-2017-20057MEDIUMCVSS 4.3EG 4.3✓ Fixed in 1.3.132022-06-20
A vulnerability classified as problematic has been found in Elefant CMS 1.3.12-RC. Affected is an unknown function. The manipulation of the argument username leads to basic cross site scripting (Persistent). It is possible to launch the at…
- CVE-2017-20058MEDIUMCVSS 4.3EG 4.3✓ Fixed in 1.3.132022-06-20
A vulnerability classified as problematic was found in Elefant CMS 1.3.12-RC. Affected by this vulnerability is an unknown functionality of the component Version Comparison. The manipulation leads to basic cross site scripting (Persistent)…
- CVE-2017-20059LOWCVSS 3.5EG 3.5✓ Fixed in 1.3.132022-06-20
A vulnerability, which was classified as problematic, has been found in Elefant CMS 1.3.12-RC. Affected by this issue is some unknown functionality of the component Title Handler. The manipulation with the input </title><img src=no onerror…
- CVE-2017-20060LOWCVSS 3.5EG 3.5✓ Fixed in 1.3.132022-06-20
A vulnerability, which was classified as problematic, was found in Elefant CMS 1.3.12-RC. This affects an unknown part of the component Blog Post Handler. The manipulation leads to basic cross site scripting (Persistent). It is possible to…
- CVE-2017-20061MEDIUMCVSS 4.3EG 4.3✓ Fixed in 1.3.132022-06-20
A vulnerability has been found in Elefant CMS 1.3.12-RC and classified as problematic. This vulnerability affects unknown code of the file /admin/extended. The manipulation of the argument name with the input %3Cimg%20src=no%20onerror=aler…
- CVE-2017-20062MEDIUMCVSS 5.0EG 5.0✓ Fixed in 1.3.132022-06-20
A vulnerability was found in Elefant CMS 1.3.12-RC and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been …
- CVE-2017-20063MEDIUMCVSS 6.3EG 6.3✓ Fixed in 1.3.132022-06-20
A vulnerability was found in Elefant CMS 1.3.12-RC. It has been classified as critical. Affected is an unknown function of the file /filemanager/upload/drop of the component File Upload. The manipulation leads to improper privilege managem…
- CVE-2017-20064MEDIUMCVSS 6.3EG 6.3✓ Fixed in 1.3.132022-06-20
A vulnerability was found in Elefant CMS 1.3.12-RC. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /designer/add/layout. The manipulation leads to code injection. The attack can be …
- CVE-2018-15601CRITICALCVSS 9.8EG 9.8✓ Fixed in 2.0.42018-08-21
apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the "Cannot upload executable files" protection mechanism.
- CVE-2018-16387HIGHCVSS 8.8EG 8.8✓ Fixed in 2.0.52018-09-03
An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF vulnerability that can add an account via user/add.
- CVE-2018-16974CRITICALCVSS 9.8EG 9.8✓ Fixed in 2.0.72018-09-12
An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in apps/filemanager/upload/drop.php by using /filemanager/api/rm/.htaccess to remove the .htaccess file, and then using a filename that ends i…
- CVE-2018-16975CRITICALCVSS 9.8EG 9.8✓ Fixed in 2.0.72018-09-12
An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in /designer/add/stylesheet.php by using a .php extension in the New Stylesheet Name field in conjunction with <?php content, because of insuf…
Check whether elefant/cms is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for elefant/cms CVEs against the assets you own.
Start Free Scan →