Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-9516Cross-site Scripting in Craft CMS

CWE-79Cross-site Scripting5 documents5 sources
Severity
5.4MEDIUMNVD
EPSS
0.8%
top 26.06%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Craftcms CMSCraftcms Craft CMS
Timeline
PublishedJun 8
Latest updateMay 17

Description

Craft CMS before 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

Packagistcraftcms/cms< 2.6.2982
NVDcraftcms/craft_cms2.6.2981

🔴Vulnerability Details

3
OSV
Craft CMS XSS Vulnerability2022-05-17
GHSA
Craft CMS XSS Vulnerability2022-05-17
CVEList
CVE-2017-9516: Craft CMS before 22017-06-08

💥Exploits & PoCs

1
Exploit-DB
Craft CMS 2.6 - Cross-Site Scripting2017-06-08
CVE-2017-9516 — Cross-site Scripting in Craft CMS | cvebase