CVE-2017-11611

MEDIUM

Wolf CMS 0.8.3.1 - Stored Cross-Site Scripting via File and Directory Name in File Manager Plugin

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-11611. PoCs published by faizzaidi.

AI-analyzed exploit summary This repository contains a writeup for a Cross-Site Scripting (XSS) vulnerability in WolfCMS v0.8.3.1, identified as CVE-2017-11611. The README file provides minimal details about the vulnerability but lacks actual exploit code or proof-of-concept.

Description

Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of the file name in a "create-file-popup" action, and the directory name in a "create-directory-popup" action, in the HTTP POST method to the "/plugin/file_manager/" script (aka an /admin/plugin/file_manager/browse// URI).

Exploits (1)

nomisec WRITEUP 2 stars

by faizzaidi · poc

https://github.com/faizzaidi/Wolfcms-v0.8.3.1-xss-POC-by-Provensec-llc

View Code ZIP pw:eip

This repository contains a writeup for a Cross-Site Scripting (XSS) vulnerability in WolfCMS v0.8.3.1, identified as CVE-2017-11611. The README file provides minimal details about the vulnerability but lacks actual exploit code or proof-of-concept.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Theoretical

Target: WolfCMS v0.8.3.1

No auth needed

Prerequisites: Access to a vulnerable WolfCMS instance

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/faizzaidi/Wolfcms-v0.8.3.1-xss-POC-by-Provensec-llc

Scores

CVSS v3 5.4

EPSS 0.0090

EPSS Percentile 55.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

wolfcms/wolf_cms 0.8.3.1

Published Sep 08, 2017

Tracked Since Feb 18, 2026