PatchSiren cyber security CVE debrief
CVE-2017-6491 Epesi CVE debrief
CVE-2017-6491 is a medium-severity cross-site scripting issue in EPESI 1.8.1.1. According to the official NVD record, multiple user-controlled parameters passed to the Tooltip req.php endpoint were not filtered sufficiently, allowing an attacker to inject HTML or script that would run in the context of the vulnerable website.
- Vendor: Epesi
- Product: EPESI (affected version 1.8.1.1)
- CVSS: MEDIUM 6.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-03-05
- Original CVE updated: 2026-05-13
- Advisory published: 2017-03-05
- Advisory updated: 2026-05-13
Who should care
Organizations running EPESI 1.8.1.1, especially teams responsible for web application security, application administration, and user-facing portals where browsers may process untrusted input.
Technical summary
The NVD record maps this issue to CWE-79 (improper neutralization of input during web page generation) and identifies EPESI 1.8.1.1 as vulnerable. The affected surface is the EPESI-master/modules/Utils/Tooltip/req.php URL, where the tooltip_id, callback, args, and cid parameters were insufficiently validated or filtered before reaching browser-rendered output. The impact is browser-side script execution in the origin of the application, with CVSS v3.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N: the attacker needs no privileges (PR:N) but does need a victim to open a crafted request (UI:R), and the changed scope (S:C) reflects that the injected script executes in the victim's browser rather than on the server that holds the flaw.
Defensive priority
Medium. Prioritize remediation if EPESI is internet-facing, used by many users, or processes sensitive session data, since script execution in the application origin lets an attacker read whatever the victim's browser can read there (page content, and any session cookie not marked HttpOnly) and perform actions as that user.
Recommended defensive actions
- Confirm whether EPESI 1.8.1.1 is deployed anywhere in the environment, including legacy or test instances.
- Apply the vendor fix or patched version referenced by the EPESI issue tracker entry linked from the CVE record.
- Review any custom integrations or templates that call the Tooltip req.php endpoint and ensure untrusted input is not passed through unsanitized.
- Use output encoding and server-side validation for any data that reaches browser-rendered content.
- Add monitoring and filtering for suspicious requests targeting the Tooltip req.php endpoint and its parameters.
- Limit exposure of the application to trusted users where possible until remediation is complete.
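The monitoring and validation items above, as an added example that is not part of the PatchSiren page or the EPESI project: a small Python scanner that reads web server access-log lines, picks out requests to the Tooltip req.php endpoint, URL-decodes the four parameters named in the CVE description (repeatedly, so double-encoded payloads are visible) and flags values that contain HTML or script markup or that do not match an expected shape. The log lines are constructed for this example, and the expected shapes (tooltip_id and cid numeric) are assumptions for illustration, not documented EPESI behaviour; tune them against your own traffic before alerting on them.

```python
"""
Added example, not code from the PatchSiren page or the EPESI project.
Scans access-log lines for requests to the Tooltip req.php endpoint whose
tooltip_id, callback, args or cid parameters carry HTML/script markup.
"""
from __future__ import annotations

import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Parameters named in the CVE-2017-6491 description.
WATCHED_PARAMS = ("tooltip_id", "callback", "args", "cid")

# Markup/script indicators, checked after URL-decoding: tags, inline event
# handlers (onload=, onmouseover=, ...) and javascript: URLs.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z!]|\bon[a-z]+\s*=|javascript\s*:", re.I)

# ASSUMPTION for illustration: these two parameters are numeric in normal use.
EXPECTED_SHAPE = {
    "tooltip_id": re.compile(r"^\d+$"),
    "cid": re.compile(r"^\d+$"),
}

# Apache/Nginx common log format: client, identity, user, [timestamp], "request", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    # benign tooltip request
    '10.0.0.5 - - [05/Mar/2017:20:59:00 +0000] "GET /EPESI-master/modules/Utils/Tooltip/req.php'
    '?tooltip_id=42&callback=show&cid=7 HTTP/1.1" 200 512',
    # single-encoded <script> tag in callback
    '203.0.113.9 - - [05/Mar/2017:21:01:13 +0000] "GET /EPESI-master/modules/Utils/Tooltip/req.php'
    '?tooltip_id=42&callback=%3Cscript%3Ealert(1)%3C/script%3E&cid=7 HTTP/1.1" 200 640',
    # double-encoded event handler in args, plus a non-numeric cid
    '203.0.113.9 - - [05/Mar/2017:21:01:20 +0000] "GET /EPESI-master/modules/Utils/Tooltip/req.php'
    '?args=x%2522%2520onmouseover%253Dalert(1)&cid=abc HTTP/1.1" 200 640',
    # unrelated endpoint: ignored even though the value looks like markup
    '10.0.0.6 - - [05/Mar/2017:21:02:00 +0000] "GET /EPESI-master/index.php?tooltip_id=%3Cb%3E HTTP/1.1" 200 100',
]


def fully_decode(value: str, rounds: int = 3) -> str:
    """URL-decode repeatedly so %253C (double-encoded '<') is seen as '<'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(target: str) -> list[str]:
    """Return the reasons a request target looks like an attempt against req.php (empty if none)."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/modules/utils/tooltip/req.php"):
        return []
    findings = []
    # parse_qsl already decodes one layer and turns '+' into spaces.
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        if name not in WATCHED_PARAMS:
            continue
        value = fully_decode(raw)
        if MARKUP_RE.search(value):
            findings.append(f"{name}: markup/script in value {value!r}")
        elif name in EXPECTED_SHAPE and not EXPECTED_SHAPE[name].match(value):
            findings.append(f"{name}: unexpected shape {value!r}")
    return findings


def scan_log(lines: list[str]) -> list[tuple[str, str, list[str]]]:
    """Return (client_ip, request_target, findings) for each suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected log format; skip rather than guess
        findings = inspect_request(m.group("target"))
        if findings:
            hits.append((m.group("ip"), m.group("target"), findings))
    return hits


if __name__ == "__main__":
    for ip, target, findings in scan_log(SAMPLE_LOG):
        print(ip, target)
        for f in findings:
            print("   ", f)
```

Run against the constructed lines, the first and last entries produce nothing, the second is flagged on callback, and the third is flagged twice (markup in args, non-numeric cid). The shape check is what catches probing that avoids obvious tags, so keep it even if you loosen the markup pattern; conversely, the markup pattern will match a legitimate value that happens to contain "on...=" text, so treat hits as triage input, not as an automatic block.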
Evidence notes
This debrief is based only on the official NVD CVE record and the linked references supplied in the source corpus. The NVD metadata identifies EPESI 1.8.1.1 as the vulnerable CPE, classifies the weakness as CWE-79, and lists the affected parameters and endpoint in the CVE description. The referenced EPESI GitHub issue is tagged by the CVE source as both Exploit and Patch, but this summary does not rely on any unverified exploit details.
Official resources
- CVE-2017-6491 CVE record (CVE.org)
- CVE-2017-6491 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] (Third Party Advisory, VDB Entry)
- Mitigation or vendor reference: [email protected] (Exploit, Patch)
Published by NVD/CVE on 2017-03-05T20:59:00.607Z and last modified on 2026-05-13T00:24:29.033Z. The dates in this debrief reflect the official CVE timeline provided in the source corpus.