PatchSiren cyber security CVE debrief

CVE-2017-6489 Epesi CVE debrief

CVE-2017-6489 is a reflected cross-site scripting issue in EPESI 1.8.1.1. According to the NVD record, insufficient filtering of user-supplied parameters passed to EPESI-master/modules/Utils/Watchdog/subscribe.php can let an attacker inject HTML or script that executes in a victim’s browser in the context of the vulnerable site. The published severity is medium (CVSS 6.1), but the impact still matters because successful exploitation can expose user data or enable session abuse in a web application context.

Vendor: Epesi
Product: CVE-2017-6489
CVSS: MEDIUM 6.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-03-05
Original CVE updated: 2026-05-13
Advisory published: 2017-03-05
Advisory updated: 2026-05-13

Who should care

EPESI administrators, application owners, and security teams running EPESI 1.8.1.1—especially on internet-facing deployments. End users are at risk if they can be induced to visit a crafted URL that targets the vulnerable endpoint.

Technical summary

NVD maps CVE-2017-6489 to EPESI version 1.8.1.1 and CWE-79. The vulnerability is described as multiple XSS issues caused by insufficient filtration of the element, state, cat, id, and cid parameters used by the subscribe.php endpoint. The CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) indicates a network-reachable issue that requires user interaction, with low confidentiality and integrity impact and no availability impact.

Defensive priority

Medium-high for exposed EPESI instances. The issue requires user interaction, but because it affects a browser-based workflow and can execute script in the site’s origin, it should be remediated promptly on public-facing deployments.

Recommended defensive actions

Update EPESI to a version that addresses the issue, if a fixed release is available.
Review and harden input validation and output encoding for the subscribe.php endpoint and the listed parameters (element, state, cat, id, cid).
Verify that any HTML rendering in the affected workflow uses context-appropriate escaping.
Test the affected endpoint for reflected XSS regression after remediation.
Monitor for suspicious requests targeting subscribe.php and similar parameter-based injection attempts.

Evidence notes

The assessment is based on the official NVD record for CVE-2017-6489, which lists EPESI 1.8.1.1 as vulnerable and classifies the weakness as CWE-79. The record includes a CVSS v3.1 vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. References attached to the CVE include a SecurityFocus BID entry and a GitHub issue in Telaxus/EPESI labeled as Exploit and Patch, which supports that remediation discussion exists in the source corpus. No additional exploitation details are inferred beyond the supplied sources.

Official resources

CVE-2017-6489 CVE record
CVE.org
CVE-2017-6489 NVD detail
NVD
Source item URL
nvd_modified
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
Mitigation or vendor reference
[email protected] - Exploit, Patch

CVE published by NVD on 2017-03-05T20:59:00.557Z; the source record was last modified on 2026-05-13T00:24:29.033Z.