CVE-2017-1000478

NONE EPSS 51.0%
Published Jan 3, 20188y ago · Modified Jun 17, 20262w ago
Find Similar
Published Jan 3, 2018 8y ago
Last Modified Jun 17, 2026 2w ago

Description

ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in the experiment infos component resulting in arbitrary execution of JavaScript and denial of service.

Threat Intelligence

EPSS Exploit Probability
51.0% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

VendorProductVersionRange
elabftwelabftw1.7.8any

References 1

  • github.com https://github.com/elabftw/elabftw/issues/531
    ExploitIssue TrackingThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.