Key Vulnerability Information

Vulnerability ID: CVE-2017-20058
Component Affected: Elefant CMS 1.3.12-RC
Vulnerability Type: Persistent Cross Site Scripting (XSS)
Severity: Problematic (CVSS Meta Temp Score: 3.8)
Exploit Price: $0-$5k
CTI Interest Score: 0.10

Summary

A vulnerability exists in the version comparison component of Elefant CMS 1.3.12-RC, causing persistent cross-site scripting.

Key Details

CWE Definition: CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page
Impact: Affects integrity by allowing manipulated input to be interpreted as web scripting elements
Disclosure Date: 02/16/2017 by Tim Coen
Exploitability: Easy, remote exploitation possible without authentication
User Interaction: Required for the attack to succeed
Recommended Action: Upgrade the affected component since no public exploit is available