{"package":"elefant/cms","ecosystem":"composer","latest_version":"2.4.1-stable","description":"The Elefant CMS","license":"MIT","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"http://www.elefantcms.com/","repository":"https://github.com/jbroadway/elefant","downloads_weekly":0,"health":{"score":8,"risk":"critical","breakdown":{"maintenance":5,"popularity":0,"security":0,"maturity":3,"community":0},"deprecated":false,"max_score":100},"vulnerabilities":{"count":13,"critical":3,"high":4,"medium":6,"low":0,"details":[{"vuln_id":"CVE-2017-20060","severity":"medium","summary":"Cross site scripting in Elefant CMS","affected_versions":"<1.3.13","fixed_version":"1.3.13","source":"osv","published_at":"2022-06-21T00:00:48Z","in_kev":false,"epss_prob":0.00206,"epss_percentile":0.42677,"threat_tier":"theoretical"},{"vuln_id":"CVE-2017-20058","severity":"medium","summary":"Cross site scripting in Elefant CMS","affected_versions":"<1.3.13","fixed_version":"1.3.13","source":"osv","published_at":"2022-06-21T00:00:48Z","in_kev":false,"epss_prob":0.0024,"epss_percentile":0.47235,"threat_tier":"theoretical"},{"vuln_id":"CVE-2018-16974","severity":"critical","summary":"Elefant CMS Code Execution Vulnerability","affected_versions":"<2.0.7","fixed_version":"2.0.7","source":"osv","published_at":"2022-05-14T01:57:58Z","in_kev":false,"epss_prob":0.00244,"epss_percentile":0.47674,"threat_tier":"theoretical"},{"vuln_id":"CVE-2018-16387","severity":"high","summary":"Elefant CMS CSRF Vulnerability","affected_versions":"<2.0.5","fixed_version":"2.0.5","source":"osv","published_at":"2022-05-14T02:19:18Z","in_kev":false,"epss_prob":0.00134,"epss_percentile":0.32619,"threat_tier":"theoretical"},{"vuln_id":"CVE-2017-20059","severity":"medium","summary":"Cross site scripting in Elefant 
CMS","affected_versions":"<1.3.13","fixed_version":"1.3.13","source":"osv","published_at":"2022-06-21T00:00:48Z","in_kev":false,"epss_prob":0.00206,"epss_percentile":0.42677,"threat_tier":"theoretical"},{"vuln_id":"CVE-2017-20064","severity":"high","summary":"Code injection in Elefant CMS","affected_versions":"<1.3.13","fixed_version":"1.3.13","source":"osv","published_at":"2022-06-21T00:00:48Z","in_kev":false,"epss_prob":0.00476,"epss_percentile":0.64911,"threat_tier":"theoretical"},{"vuln_id":"CVE-2017-20061","severity":"medium","summary":"Cross site scripting in Elefant CMS","affected_versions":"<1.3.13","fixed_version":"1.3.13","source":"osv","published_at":"2022-06-21T00:00:48Z","in_kev":false,"epss_prob":0.00195,"epss_percentile":0.41164,"threat_tier":"theoretical"},{"vuln_id":"CVE-2017-20063","severity":"high","summary":"Unrestricted Upload of File with Dangerous Type in Elefant CMS","affected_versions":"<1.3.13","fixed_version":"1.3.13","source":"osv","published_at":"2022-06-21T00:00:48Z","in_kev":false,"epss_prob":0.00295,"epss_percentile":0.52778,"threat_tier":"theoretical"},{"vuln_id":"CVE-2018-15601","severity":"critical","summary":"Elefant CMS Improper Input Validation","affected_versions":"<2.0.4","fixed_version":"2.0.4","source":"osv","published_at":"2022-05-14T02:20:16Z","in_kev":false,"epss_prob":0.00411,"epss_percentile":0.61435,"threat_tier":"theoretical"},{"vuln_id":"CVE-2017-20062","severity":"high","summary":"Cross-Site Request Forgery in Elefant CMS","affected_versions":"<1.3.13","fixed_version":"1.3.13","source":"osv","published_at":"2022-06-21T00:00:48Z","in_kev":false,"epss_prob":0.00138,"epss_percentile":0.33464,"threat_tier":"theoretical"},{"vuln_id":"CVE-2012-1296","severity":"medium","summary":"Elefant CMS Multiple XSS 
Vulnerabilities","affected_versions":">=1.0,<1.0.2-Beta|>=1.1,<1.1.5-Beta","fixed_version":"1.1.5-Beta","source":"osv","published_at":"2022-05-17T01:48:19Z","in_kev":false,"epss_prob":0.00516,"epss_percentile":0.66699,"threat_tier":"theoretical"},{"vuln_id":"CVE-2018-16975","severity":"critical","summary":"Elefant CMS PHP Code Execution Vulnerability","affected_versions":"<2.0.7","fixed_version":"2.0.7","source":"osv","published_at":"2022-05-13T01:19:19Z","in_kev":false,"epss_prob":0.00573,"epss_percentile":0.6876,"threat_tier":"theoretical"},{"vuln_id":"CVE-2017-20057","severity":"medium","summary":"Cross site scripting in Elefant CMS","affected_versions":"<1.3.13","fixed_version":"1.3.13","source":"osv","published_at":"2022-06-21T00:00:48Z","in_kev":false,"epss_prob":0.0024,"epss_percentile":0.47235,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"2.4.1-stable","total_count":2,"recent":["2.4.1-stable","2.2.7-stable"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":0,"first_published":null,"last_published":"2024-10-16T15:56:29+00:00","dependencies_count":6,"dependencies":["php","pda/pheanstalk","google/apiclient","pragmarx/google2fa-qrcode","chillerlan/php-qrcode","bshaffer/oauth2-server-php"]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"do_not_use","issues":["Low health score (8/100)","4 high severity vulnerabilities","3 critical vulnerabilities"],"use_version":"2.4.1-stable","version_hint":"Update to >= 1.3.13 to fix the vulnerabilities fixed up to that release; the listed CVE-2018-* entries are fixed in 2.0.4, 2.0.5 and 2.0.7, so >= 2.0.7 is needed to cover all listed vulnerabilities","summary":"elefant/cms has critical vulnerabilities — do not use"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":501,"_powered_by":"depscope.dev — free package intelligence for AI 
agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":2,"first_release_age_days":null,"last_release_days_ago":560,"avg_days_between_releases":null,"release_velocity":"stale"}}