CVE-2017-14717
MEDIUMEPESI < 1.8.2.4 - Stored Cross-Site Scripting in Tasks Description Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2017-14717. PoCs published by Zeeshan Shaikh.
AI-analyzed exploit summary This is a writeup detailing multiple stored XSS vulnerabilities in EPESI version 1.8.2 rev20170830. It provides step-by-step instructions for exploiting XSS in various fields such as task titles, descriptions, and phone call subjects.
Description
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter.
Exploits (1)
exploitdb
WRITEUP
by Zeeshan Shaikh · textwebappsphp
https://www.exploit-db.com/exploits/42950
This is a writeup detailing multiple stored XSS vulnerabilities in EPESI version 1.8.2 rev20170830. It provides step-by-step instructions for exploiting XSS in various fields such as task titles, descriptions, and phone call subjects.
Classification
Writeup 100%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
EPESI 1.8.2 rev20170830
Auth required
Prerequisites:
Access to EPESI application · Valid user credentials · Ability to intercept and modify HTTP requests
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://forum.epesibim.com/d/4956-security-issue-multiple-stored-xss-in-epesi-version-1-8-2-rev20170830
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/42950/
Scores
CVSS v3
5.4
EPSS
0.0140
EPSS Percentile
68.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
telaxius/epesi
< 1.8.2.4
Published
Sep 22, 2017
Tracked Since
Feb 18, 2026