{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-25T09:58:00.224","vulnerabilities":[{"cve":{"id":"CVE-2017-20057","sourceIdentifier":"cna@vuldb.com","published":"2022-06-20T05:15:07.323","lastModified":"2026-06-17T01:15:00.630","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability classified as problematic has been found in Elefant CMS 1.3.12-RC. Affected is an unknown function. The manipulation of the argument username leads to basic cross site scripting (Persistent). It is possible to launch the attack remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component."},{"lang":"es","value":"Se ha encontrado una vulnerabilidad clasificada como problemática en Elefant CMS versión 1.3.12-RC. La función afectada es desconocida. La manipulación del argumento username conlleva a un ataque de tipo cross site scripting básico (Persistente). Es posible lanzar el ataque de forma remota. La actualización a versión 1.3.13 puede abordar este problema. Es recomendado actualizar el componente afectado"}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Elefant","product":"CMS","versions":[{"version":"1.3.12-RC","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-04-14T17:13:14.973775Z","id":"CVE-2017-20057","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-80"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:elefantcms:elefant_cms:1.3.12:rc:*:*:*:*:*:*","matchCriteriaId":"926E5836-46DB-4894-A140-C5ACDA5AC1D1"}]}]}],"references":[{"url":"http://seclists.org/fulldisclosure/2017/Feb/36","source":"cna@vuldb.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://vuldb.com/?id.97254","source":"cna@vuldb.com","tags":["Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2017/Feb/36","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://vuldb.com/?id.97254","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}