Vulnerability Details CVE-2017-9516
Craft CMS before 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.4%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- https://craftcms.com/changelog#2-6-2982
- https://packetstormsecurity.com/files/142851/Craft-CMS-2.6-Cross-Site-Scripting-File-Upload.html
- https://twitter.com/CraftCMS/status/872599894912937984
- https://www.exploit-db.com/exploits/42143/
- https://craftcms.com/changelog#2-6-2982
- https://packetstormsecurity.com/files/142851/Craft-CMS-2.6-Cross-Site-Scripting-File-Upload.html
- https://twitter.com/CraftCMS/status/872599894912937984
- https://www.exploit-db.com/exploits/42143/
Products affected by CVE-2017-9516
-
cpe:2.3:a:craftcms:craft_cms:0.9.0
-
cpe:2.3:a:craftcms:craft_cms:0.9.2063
-
cpe:2.3:a:craftcms:craft_cms:0.9.2064
-
cpe:2.3:a:craftcms:craft_cms:0.9.2065
-
cpe:2.3:a:craftcms:craft_cms:0.9.2068
-
cpe:2.3:a:craftcms:craft_cms:0.9.2071
-
cpe:2.3:a:craftcms:craft_cms:0.9.2078
-
cpe:2.3:a:craftcms:craft_cms:0.9.2079
-
cpe:2.3:a:craftcms:craft_cms:0.9.2080
-
cpe:2.3:a:craftcms:craft_cms:0.9.2081
-
cpe:2.3:a:craftcms:craft_cms:0.9.2083
-
cpe:2.3:a:craftcms:craft_cms:0.9.2084
-
cpe:2.3:a:craftcms:craft_cms:0.9.2090
-
cpe:2.3:a:craftcms:craft_cms:0.9.2092
-
cpe:2.3:a:craftcms:craft_cms:0.9.2094
-
cpe:2.3:a:craftcms:craft_cms:0.9.2100
-
cpe:2.3:a:craftcms:craft_cms:0.9.2101
-
cpe:2.3:a:craftcms:craft_cms:0.9.2102
-
cpe:2.3:a:craftcms:craft_cms:0.9.2103
-
cpe:2.3:a:craftcms:craft_cms:0.9.2104
-
cpe:2.3:a:craftcms:craft_cms:0.9.2106
-
cpe:2.3:a:craftcms:craft_cms:0.9.2112
-
cpe:2.3:a:craftcms:craft_cms:0.9.2114
-
cpe:2.3:a:craftcms:craft_cms:0.9.2115
-
cpe:2.3:a:craftcms:craft_cms:0.9.2116
-
cpe:2.3:a:craftcms:craft_cms:0.9.2117
-
cpe:2.3:a:craftcms:craft_cms:0.9.2123
-
cpe:2.3:a:craftcms:craft_cms:0.9.2124
-
cpe:2.3:a:craftcms:craft_cms:0.9.2127
-
cpe:2.3:a:craftcms:craft_cms:0.9.2131
-
cpe:2.3:a:craftcms:craft_cms:0.9.2133
-
cpe:2.3:a:craftcms:craft_cms:0.9.2135
-
cpe:2.3:a:craftcms:craft_cms:0.9.2136
-
cpe:2.3:a:craftcms:craft_cms:0.9.2137
-
cpe:2.3:a:craftcms:craft_cms:0.9.2146
-
cpe:2.3:a:craftcms:craft_cms:0.9.2151
-
cpe:2.3:a:craftcms:craft_cms:0.9.2157
-
cpe:2.3:a:craftcms:craft_cms:0.9.2163
-
cpe:2.3:a:craftcms:craft_cms:0.9.2164
-
cpe:2.3:a:craftcms:craft_cms:0.9.2165
-
cpe:2.3:a:craftcms:craft_cms:0.9.2167
-
cpe:2.3:a:craftcms:craft_cms:0.9.2168
-
cpe:2.3:a:craftcms:craft_cms:0.9.2177
-
cpe:2.3:a:craftcms:craft_cms:0.9.2181
-
cpe:2.3:a:craftcms:craft_cms:0.9.2184
-
cpe:2.3:a:craftcms:craft_cms:0.9.2189
-
cpe:2.3:a:craftcms:craft_cms:0.9.2193
-
cpe:2.3:a:craftcms:craft_cms:0.9.2194
-
cpe:2.3:a:craftcms:craft_cms:0.9.2199
-
cpe:2.3:a:craftcms:craft_cms:0.9.2200
-
cpe:2.3:a:craftcms:craft_cms:0.9.2201
-
cpe:2.3:a:craftcms:craft_cms:0.9.2202
-
cpe:2.3:a:craftcms:craft_cms:0.9.2204
-
cpe:2.3:a:craftcms:craft_cms:0.9.2205
-
cpe:2.3:a:craftcms:craft_cms:0.9.2211
-
cpe:2.3:a:craftcms:craft_cms:0.9.2213
-
cpe:2.3:a:craftcms:craft_cms:0.9.2214
-
cpe:2.3:a:craftcms:craft_cms:0.9.2216
-
cpe:2.3:a:craftcms:craft_cms:0.9.2218
-
cpe:2.3:a:craftcms:craft_cms:0.9.2219
-
cpe:2.3:a:craftcms:craft_cms:0.9.2222
-
cpe:2.3:a:craftcms:craft_cms:0.9.2235
-
cpe:2.3:a:craftcms:craft_cms:0.9.2240
-
cpe:2.3:a:craftcms:craft_cms:0.9.2243
-
cpe:2.3:a:craftcms:craft_cms:0.9.2246
-
cpe:2.3:a:craftcms:craft_cms:0.9.2260
-
cpe:2.3:a:craftcms:craft_cms:0.9.2262
-
cpe:2.3:a:craftcms:craft_cms:1.0.0
-
cpe:2.3:a:craftcms:craft_cms:1.0.2266
-
cpe:2.3:a:craftcms:craft_cms:1.0.2267
-
cpe:2.3:a:craftcms:craft_cms:1.0.2270
-
cpe:2.3:a:craftcms:craft_cms:1.0.2273
-
cpe:2.3:a:craftcms:craft_cms:1.0.2274
-
cpe:2.3:a:craftcms:craft_cms:1.0.2275
-
cpe:2.3:a:craftcms:craft_cms:1.0.2277
-
cpe:2.3:a:craftcms:craft_cms:1.0.2278
-
cpe:2.3:a:craftcms:craft_cms:1.0.2280
-
cpe:2.3:a:craftcms:craft_cms:1.1.0
-
cpe:2.3:a:craftcms:craft_cms:1.1.2291
-
cpe:2.3:a:craftcms:craft_cms:1.1.2293
-
cpe:2.3:a:craftcms:craft_cms:1.1.2298
-
cpe:2.3:a:craftcms:craft_cms:1.1.2300
-
cpe:2.3:a:craftcms:craft_cms:1.1.2302
-
cpe:2.3:a:craftcms:craft_cms:1.1.2304
-
cpe:2.3:a:craftcms:craft_cms:1.1.2305
-
cpe:2.3:a:craftcms:craft_cms:1.1.2313
-
cpe:2.3:a:craftcms:craft_cms:1.1.2314
-
cpe:2.3:a:craftcms:craft_cms:1.1.2321
-
cpe:2.3:a:craftcms:craft_cms:1.2.0
-
cpe:2.3:a:craftcms:craft_cms:1.2.2333
-
cpe:2.3:a:craftcms:craft_cms:1.2.2335
-
cpe:2.3:a:craftcms:craft_cms:1.2.2336
-
cpe:2.3:a:craftcms:craft_cms:1.2.2337
-
cpe:2.3:a:craftcms:craft_cms:1.2.2339
-
cpe:2.3:a:craftcms:craft_cms:1.2.2358
-
cpe:2.3:a:craftcms:craft_cms:1.2.2363
-
cpe:2.3:a:craftcms:craft_cms:1.2.2367
-
cpe:2.3:a:craftcms:craft_cms:1.2.2371
-
cpe:2.3:a:craftcms:craft_cms:1.2.2375
-
cpe:2.3:a:craftcms:craft_cms:1.2.2387
-
cpe:2.3:a:craftcms:craft_cms:1.2.2392
-
cpe:2.3:a:craftcms:craft_cms:1.2.2396
-
cpe:2.3:a:craftcms:craft_cms:1.2.2399
-
cpe:2.3:a:craftcms:craft_cms:1.3.0
-
cpe:2.3:a:craftcms:craft_cms:1.3.2409
-
cpe:2.3:a:craftcms:craft_cms:1.3.2410
-
cpe:2.3:a:craftcms:craft_cms:1.3.2415
-
cpe:2.3:a:craftcms:craft_cms:1.3.2416
-
cpe:2.3:a:craftcms:craft_cms:1.3.2418
-
cpe:2.3:a:craftcms:craft_cms:1.3.2419
-
cpe:2.3:a:craftcms:craft_cms:1.3.2420
-
cpe:2.3:a:craftcms:craft_cms:1.3.2422
-
cpe:2.3:a:craftcms:craft_cms:1.3.2456
-
cpe:2.3:a:craftcms:craft_cms:1.3.2459
-
cpe:2.3:a:craftcms:craft_cms:1.3.2461
-
cpe:2.3:a:craftcms:craft_cms:1.3.2462
-
cpe:2.3:a:craftcms:craft_cms:1.3.2465
-
cpe:2.3:a:craftcms:craft_cms:1.3.2473
-
cpe:2.3:a:craftcms:craft_cms:1.3.2485
-
cpe:2.3:a:craftcms:craft_cms:1.3.2486
-
cpe:2.3:a:craftcms:craft_cms:1.3.2487
-
cpe:2.3:a:craftcms:craft_cms:1.3.2494
-
cpe:2.3:a:craftcms:craft_cms:1.3.2496
-
cpe:2.3:a:craftcms:craft_cms:1.3.2507
-
cpe:2.3:a:craftcms:craft_cms:1.4.0
-
cpe:2.3:a:craftcms:craft_cms:2.0.2524
-
cpe:2.3:a:craftcms:craft_cms:2.0.2525
-
cpe:2.3:a:craftcms:craft_cms:2.0.2527
-
cpe:2.3:a:craftcms:craft_cms:2.0.2528
-
cpe:2.3:a:craftcms:craft_cms:2.0.2532
-
cpe:2.3:a:craftcms:craft_cms:2.0.2533
-
cpe:2.3:a:craftcms:craft_cms:2.0.2535
-
cpe:2.3:a:craftcms:craft_cms:2.0.2536
-
cpe:2.3:a:craftcms:craft_cms:2.0.2537
-
cpe:2.3:a:craftcms:craft_cms:2.0.2538
-
cpe:2.3:a:craftcms:craft_cms:2.0.2539
-
cpe:2.3:a:craftcms:craft_cms:2.0.2540
-
cpe:2.3:a:craftcms:craft_cms:2.0.2541
-
cpe:2.3:a:craftcms:craft_cms:2.0.2542
-
cpe:2.3:a:craftcms:craft_cms:2.0.2543
-
cpe:2.3:a:craftcms:craft_cms:2.0.2548
-
cpe:2.3:a:craftcms:craft_cms:2.0.2549
-
cpe:2.3:a:craftcms:craft_cms:2.0.2551
-
cpe:2.3:a:craftcms:craft_cms:2.1.0
-
cpe:2.3:a:craftcms:craft_cms:2.1.2554
-
cpe:2.3:a:craftcms:craft_cms:2.1.2555
-
cpe:2.3:a:craftcms:craft_cms:2.1.2556
-
cpe:2.3:a:craftcms:craft_cms:2.1.2557
-
cpe:2.3:a:craftcms:craft_cms:2.1.2559
-
cpe:2.3:a:craftcms:craft_cms:2.1.2561
-
cpe:2.3:a:craftcms:craft_cms:2.1.2562
-
cpe:2.3:a:craftcms:craft_cms:2.1.2563
-
cpe:2.3:a:craftcms:craft_cms:2.1.2564
-
cpe:2.3:a:craftcms:craft_cms:2.1.2566
-
cpe:2.3:a:craftcms:craft_cms:2.1.2568
-
cpe:2.3:a:craftcms:craft_cms:2.1.2569
-
cpe:2.3:a:craftcms:craft_cms:2.1.2570
-
cpe:2.3:a:craftcms:craft_cms:2.2.0
-
cpe:2.3:a:craftcms:craft_cms:2.2.2579
-
cpe:2.3:a:craftcms:craft_cms:2.2.2581
-
cpe:2.3:a:craftcms:craft_cms:2.2.2582
-
cpe:2.3:a:craftcms:craft_cms:2.2.2586
-
cpe:2.3:a:craftcms:craft_cms:2.2.2587
-
cpe:2.3:a:craftcms:craft_cms:2.2.2588
-
cpe:2.3:a:craftcms:craft_cms:2.2.2589
-
cpe:2.3:a:craftcms:craft_cms:2.2.2590
-
cpe:2.3:a:craftcms:craft_cms:2.2.2591
-
cpe:2.3:a:craftcms:craft_cms:2.2.2592
-
cpe:2.3:a:craftcms:craft_cms:2.2.2593
-
cpe:2.3:a:craftcms:craft_cms:2.2.2596
-
cpe:2.3:a:craftcms:craft_cms:2.2.2598
-
cpe:2.3:a:craftcms:craft_cms:2.2.2601
-
cpe:2.3:a:craftcms:craft_cms:2.2.2604
-
cpe:2.3:a:craftcms:craft_cms:2.2.2607
-
cpe:2.3:a:craftcms:craft_cms:2.3.0
-
cpe:2.3:a:craftcms:craft_cms:2.3.2615
-
cpe:2.3:a:craftcms:craft_cms:2.3.2616
-
cpe:2.3:a:craftcms:craft_cms:2.3.2617
-
cpe:2.3:a:craftcms:craft_cms:2.3.2618
-
cpe:2.3:a:craftcms:craft_cms:2.3.2620
-
cpe:2.3:a:craftcms:craft_cms:2.3.2621
-
cpe:2.3:a:craftcms:craft_cms:2.3.2623
-
cpe:2.3:a:craftcms:craft_cms:2.3.2624
-
cpe:2.3:a:craftcms:craft_cms:2.3.2625
-
cpe:2.3:a:craftcms:craft_cms:2.3.2626
-
cpe:2.3:a:craftcms:craft_cms:2.3.2627
-
cpe:2.3:a:craftcms:craft_cms:2.3.2629
-
cpe:2.3:a:craftcms:craft_cms:2.3.2632
-
cpe:2.3:a:craftcms:craft_cms:2.3.2635
-
cpe:2.3:a:craftcms:craft_cms:2.3.2636
-
cpe:2.3:a:craftcms:craft_cms:2.3.2639
-
cpe:2.3:a:craftcms:craft_cms:2.3.2640
-
cpe:2.3:a:craftcms:craft_cms:2.3.2641
-
cpe:2.3:a:craftcms:craft_cms:2.3.2642
-
cpe:2.3:a:craftcms:craft_cms:2.3.2643
-
cpe:2.3:a:craftcms:craft_cms:2.3.2644
-
cpe:2.3:a:craftcms:craft_cms:2.4.2664
-
cpe:2.3:a:craftcms:craft_cms:2.4.2666
-
cpe:2.3:a:craftcms:craft_cms:2.4.2667
-
cpe:2.3:a:craftcms:craft_cms:2.4.2668
-
cpe:2.3:a:craftcms:craft_cms:2.4.2669
-
cpe:2.3:a:craftcms:craft_cms:2.4.2670
-
cpe:2.3:a:craftcms:craft_cms:2.4.2675
-
cpe:2.3:a:craftcms:craft_cms:2.4.2677
-
cpe:2.3:a:craftcms:craft_cms:2.4.2679
-
cpe:2.3:a:craftcms:craft_cms:2.4.2682
-
cpe:2.3:a:craftcms:craft_cms:2.4.2684
-
cpe:2.3:a:craftcms:craft_cms:2.4.2688
-
cpe:2.3:a:craftcms:craft_cms:2.4.2691
-
cpe:2.3:a:craftcms:craft_cms:2.4.2692
-
cpe:2.3:a:craftcms:craft_cms:2.4.2693
-
cpe:2.3:a:craftcms:craft_cms:2.4.2695
-
cpe:2.3:a:craftcms:craft_cms:2.4.2696
-
cpe:2.3:a:craftcms:craft_cms:2.4.2697
-
cpe:2.3:a:craftcms:craft_cms:2.4.2698
-
cpe:2.3:a:craftcms:craft_cms:2.4.2699
-
cpe:2.3:a:craftcms:craft_cms:2.4.2700
-
cpe:2.3:a:craftcms:craft_cms:2.4.2701
-
cpe:2.3:a:craftcms:craft_cms:2.4.2702
-
cpe:2.3:a:craftcms:craft_cms:2.4.2723
-
cpe:2.3:a:craftcms:craft_cms:2.4.2725
-
cpe:2.3:a:craftcms:craft_cms:2.4.2726
-
cpe:2.3:a:craftcms:craft_cms:2.5.0
-
cpe:2.3:a:craftcms:craft_cms:2.5.2750
-
cpe:2.3:a:craftcms:craft_cms:2.5.2752
-
cpe:2.3:a:craftcms:craft_cms:2.5.2753
-
cpe:2.3:a:craftcms:craft_cms:2.5.2754
-
cpe:2.3:a:craftcms:craft_cms:2.5.2755
-
cpe:2.3:a:craftcms:craft_cms:2.5.2757
-
cpe:2.3:a:craftcms:craft_cms:2.5.2759
-
cpe:2.3:a:craftcms:craft_cms:2.5.2760
-
cpe:2.3:a:craftcms:craft_cms:2.5.2761
-
cpe:2.3:a:craftcms:craft_cms:2.5.2762
-
cpe:2.3:a:craftcms:craft_cms:2.5.2763
-
cpe:2.3:a:craftcms:craft_cms:2.5.2765
-
cpe:2.3:a:craftcms:craft_cms:2.5.2767
-
cpe:2.3:a:craftcms:craft_cms:2.6.2771
-
cpe:2.3:a:craftcms:craft_cms:2.6.2773
-
cpe:2.3:a:craftcms:craft_cms:2.6.2774
-
cpe:2.3:a:craftcms:craft_cms:2.6.2776
-
cpe:2.3:a:craftcms:craft_cms:2.6.2778
-
cpe:2.3:a:craftcms:craft_cms:2.6.2779
-
cpe:2.3:a:craftcms:craft_cms:2.6.2780
-
cpe:2.3:a:craftcms:craft_cms:2.6.2781
-
cpe:2.3:a:craftcms:craft_cms:2.6.2783
-
cpe:2.3:a:craftcms:craft_cms:2.6.2784
-
cpe:2.3:a:craftcms:craft_cms:2.6.2785
-
cpe:2.3:a:craftcms:craft_cms:2.6.2788
-
cpe:2.3:a:craftcms:craft_cms:2.6.2789
-
cpe:2.3:a:craftcms:craft_cms:2.6.2791
-
cpe:2.3:a:craftcms:craft_cms:2.6.2793
-
cpe:2.3:a:craftcms:craft_cms:2.6.2794
-
cpe:2.3:a:craftcms:craft_cms:2.6.2795
-
cpe:2.3:a:craftcms:craft_cms:2.6.2796
-
cpe:2.3:a:craftcms:craft_cms:2.6.2797
-
cpe:2.3:a:craftcms:craft_cms:2.6.2798
-
cpe:2.3:a:craftcms:craft_cms:2.6.2804
-
cpe:2.3:a:craftcms:craft_cms:2.6.2903
-
cpe:2.3:a:craftcms:craft_cms:2.6.2911
-
cpe:2.3:a:craftcms:craft_cms:2.6.2916
-
cpe:2.3:a:craftcms:craft_cms:2.6.2922
-
cpe:2.3:a:craftcms:craft_cms:2.6.2923
-
cpe:2.3:a:craftcms:craft_cms:2.6.2929
-
cpe:2.3:a:craftcms:craft_cms:2.6.2930
-
cpe:2.3:a:craftcms:craft_cms:2.6.2931
-
cpe:2.3:a:craftcms:craft_cms:2.6.2940
-
cpe:2.3:a:craftcms:craft_cms:2.6.2944
-
cpe:2.3:a:craftcms:craft_cms:2.6.2945
-
cpe:2.3:a:craftcms:craft_cms:2.6.2949
-
cpe:2.3:a:craftcms:craft_cms:2.6.2950
-
cpe:2.3:a:craftcms:craft_cms:2.6.2951
-
cpe:2.3:a:craftcms:craft_cms:2.6.2952
-
cpe:2.3:a:craftcms:craft_cms:2.6.2953
-
cpe:2.3:a:craftcms:craft_cms:2.6.2954
-
cpe:2.3:a:craftcms:craft_cms:2.6.2955
-
cpe:2.3:a:craftcms:craft_cms:2.6.2956
-
cpe:2.3:a:craftcms:craft_cms:2.6.2957
-
cpe:2.3:a:craftcms:craft_cms:2.6.2958
-
cpe:2.3:a:craftcms:craft_cms:2.6.2959
-
cpe:2.3:a:craftcms:craft_cms:2.6.2960
-
cpe:2.3:a:craftcms:craft_cms:2.6.2961
-
cpe:2.3:a:craftcms:craft_cms:2.6.2962
-
cpe:2.3:a:craftcms:craft_cms:2.6.2963
-
cpe:2.3:a:craftcms:craft_cms:2.6.2964
-
cpe:2.3:a:craftcms:craft_cms:2.6.2965
-
cpe:2.3:a:craftcms:craft_cms:2.6.2966
-
cpe:2.3:a:craftcms:craft_cms:2.6.2967
-
cpe:2.3:a:craftcms:craft_cms:2.6.2968
-
cpe:2.3:a:craftcms:craft_cms:2.6.2969
-
cpe:2.3:a:craftcms:craft_cms:2.6.2970
-
cpe:2.3:a:craftcms:craft_cms:2.6.2971
-
cpe:2.3:a:craftcms:craft_cms:2.6.2972
-
cpe:2.3:a:craftcms:craft_cms:2.6.2973
-
cpe:2.3:a:craftcms:craft_cms:2.6.2974
-
cpe:2.3:a:craftcms:craft_cms:2.6.2975
-
cpe:2.3:a:craftcms:craft_cms:2.6.2976
-
cpe:2.3:a:craftcms:craft_cms:2.6.2977
-
cpe:2.3:a:craftcms:craft_cms:2.6.2978
-
cpe:2.3:a:craftcms:craft_cms:2.6.2979
-
cpe:2.3:a:craftcms:craft_cms:2.6.2980
-
cpe:2.3:a:craftcms:craft_cms:2.6.2981