Stored Cross-Site Scripting Vulnerability in ELabftw by eLabFTW
CVE-2017-1000478

5.4 MEDIUM

Key Information:

Vendor: Elabftw

Status
Vendor
CVE Published: 3 January 2018

What is CVE-2017-1000478?

eLabFTW version 1.7.8 is affected by a stored cross-site scripting (XSS) vulnerability in its experiment infos component. The flaw allows an attacker to inject malicious JavaScript that the application stores and later serves to users, potentially compromising user data and system functionality. The injected script executes within the context of the victim's session, posing risks such as data theft and denial of service.

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability Reserved

  • Vulnerability published
