CVE-2017-20062
Cross-Site Request Forgery in Elefant CMS
8.8
HIGH
CVSS 3.1
EPSS 0.14%
Description
A vulnerability was found in Elefant CMS 1.3.12-RC and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.
How to fix CVE-2017-20062
To remediate CVE-2017-20062, upgrade the affected package to a fixed version below.
- —upgrade to 1.3.13 or later
Is CVE-2017-20062 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.3.13
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |