CVE-2017-14712

MEDIUM

EPESI < 1.8.2 - Stored Cross-Site Scripting in Tasks Phonecall Notes Title

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-14712. PoCs published by Zeeshan Shaikh.

AI-analyzed exploit summary This is a writeup detailing multiple stored XSS vulnerabilities in EPESI version 1.8.2 rev20170830. It provides step-by-step instructions for exploiting XSS in various fields such as task titles, descriptions, and phone call subjects.

Description

In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter.

Exploits (1)

exploitdb WRITEUP

by Zeeshan Shaikh · textwebappsphp

https://www.exploit-db.com/exploits/42950

View Code ZIP pw:eip

This is a writeup detailing multiple stored XSS vulnerabilities in EPESI version 1.8.2 rev20170830. It provides step-by-step instructions for exploiting XSS in various fields such as task titles, descriptions, and phone call subjects.

Classification

Writeup 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: EPESI 1.8.2 rev20170830

Auth required

Prerequisites: Access to EPESI application · Valid user credentials · Ability to intercept and modify HTTP requests

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory x_refsource_misc

https://forum.epesibim.com/d/4956-security-issue-multiple-stored-xss-in-epesi-version-1-8-2-rev20170830

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/42950/

Scores

CVSS v3 5.4

EPSS 0.0140

EPSS Percentile 68.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

telaxius/epesi < 1.8.2

Published Sep 22, 2017

Tracked Since Feb 18, 2026