CVE-2017-9516

MEDIUM

Craft CMS <2.6.2982 - XSS

Title source: llm

Description

Craft CMS before 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file.

Exploits (1)

exploitdb WORKING POC
by Ahsan Tahir · textwebappsphp
https://www.exploit-db.com/exploits/42143

References (4)

Scores

CVSS v3 5.4
EPSS 0.0089
EPSS Percentile 75.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (3)
craftcms/craft_cms < 2.6.2981
craftcms/cms < 2.6.2982Packagist
n/a/n/a
Published Jun 08, 2017
Tracked Since Feb 18, 2026