CVE-2012-1296
Elefant CMS Multiple XSS Vulnerabilities
EPSS 0.52%
Description
Multiple cross-site scripting (XSS) vulnerabilities in `apps/admin/handlers/preview.php` in Elefant CMS 1.0.x before 1.0.2-Beta and 1.1.x before 1.1.5-Beta allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body parameter to admin/preview.
How to fix CVE-2012-1296
To remediate CVE-2012-1296, upgrade the affected package to the fixed version listed below.
- Packagist/elefant/cms—upgrade to 1.0.2-Beta or later
Is CVE-2012-1296 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Packagist/elefant/cms: >= 1.0, < 1.0.2-Beta