6.1 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
65.1%
Multiple cross-site scripting (XSS) vulnerabilities in apps/admin/handlers/preview.php in Elefant CMS 1.0.x before 1.0.2-Beta and 1.1.x before 1.1.5-Beta allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body parameter to admin/preview.
CPE | Name | Operator | Version |
---|---|---|---|
elefantcms | eq | 1.1.1-beta | |
elefantcms | eq | <= 1.1.4-beta | |
elefantcms | eq | 1.1.3-beta | |
elefantcms | eq | 1.1.2-beta | |
elefantcms | le | 1.0.1 |