Elefant CMS is a simple PHP content management system and web framework from the Canadian personal developer John de Plume. version 1.3.12-RC of Elefant CMS contains a security vulnerability that can be exploited by attackers to perform cross-site scripting attacks.