Medium severity5.4NVD Advisory· Published Nov 17, 2017· Updated Jun 17, 2026
CVE-2017-1000160
CVE-2017-1000160
Description
EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection
Affected products
2cpe:2.3:a:expressionengine:expressionengine:3.4.2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:expressionengine:expressionengine:3.4.2:*:*:*:*:*:*:*
- (no CPE)range: <3.4.3
Patches
Vulnerability mechanics
References
1- docs.expressionengine.com/latest/about/changelog.htmlnvdRelease NotesVendor Advisory
News mentions
0No linked articles in our index yet.