elefantcms

Top products

The 14 most recently published vulnerabilities affecting elefantcms.

• CVE-2017-20064Elefant CMS layout code injection6.3Jun 20, 2022
• CVE-2017-20063Elefant CMS File Upload drop privileges management6.3Jun 20, 2022
• CVE-2017-20062Elefant CMS cross-site request forgery5.0Jun 20, 2022
• CVE-2017-20061Elefant CMS extended Reflected cross site scriting4.3Jun 20, 2022
• CVE-2017-20060Elefant CMS Blog Post Persistent cross site scriting3.5Jun 20, 2022
• CVE-2017-20059Elefant CMS Title Persistent cross site scriting3.5Jun 20, 2022
• CVE-2017-20058Elefant CMS Version Comparison Persistent cross site scriting4.3Jun 20, 2022
• CVE-2017-20057Elefant CMS Persistent cross site scriting4.3Jun 20, 2022
• CVE-2018-16975An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in /designer/add/stylesheet.php by using a .php extension in the New Stylesheet Name field in conjun...9.8Sep 12, 2018
• CVE-2018-16974An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in apps/filemanager/upload/drop.php by using /filemanager/api/rm/.htaccess to remove the .htaccess f...9.8Sep 12, 2018
• CVE-2018-16387An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF vulnerability that can add an account via user/add.8.8Sep 3, 2018
• CVE-2018-15601apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the "Cannot upload executable files" protection mechanism.9.8Aug 21, 2018
• CVE-2012-6521Cross-site scripting (XSS) vulnerability in apps/admin/handlers/versions.php in Elefant CMS 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter to admin/versions.4.3Jan 24, 2013
• CVE-2012-1296Multiple cross-site scripting (XSS) vulnerabilities in apps/admin/handlers/preview.php in Elefant CMS 1.0.x before 1.0.2-Beta and 1.1.x before 1.1.5-Beta allow remote attackers to inject arbitrary ...4.3Aug 26, 2012