PatchSiren cyber security CVE debrief
CVE-2017-5882 Sanadata CVE debrief
CVE-2017-5882 is a reflected cross-site scripting issue in SANADATA SanaCMS 7.3. According to the NVD record, the flaw is in index.asp and can be triggered through the search parameter, allowing a remote attacker to inject arbitrary web script or HTML. The issue was published on 2017-02-04 and is scored CVSS 6.1 (Medium).
- Vendor: Sanadata
- Product: CVE-2017-5882
- CVSS: MEDIUM 6.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-04
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-04
- Advisory updated: 2026-05-13
Who should care
Administrators and developers responsible for SANADATA SanaCMS 7.3 deployments, especially any site that exposes the search function to unauthenticated web users. Security teams should also care if the CMS is internet-facing or if user sessions could be affected by malicious script injection.
Technical summary
The supplied record maps CVE-2017-5882 to CWE-79 (Cross-site Scripting) and a vulnerable CPE for sanadata:sanacms:7.3. The NVD vector is CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating a network-reachable issue that requires user interaction and can affect both confidentiality and integrity within the browser context. The vulnerability is described as an input-handling weakness in index.asp via the search parameter, consistent with reflected XSS.
Defensive priority
Medium. The issue is remotely reachable and does not require privileges, but it does require user interaction and is not listed as a Known Exploited Vulnerability in the supplied data. Prioritize it sooner if the CMS is exposed to the public internet or handles authenticated sessions.
Recommended defensive actions
- Confirm whether SANADATA SanaCMS 7.3 is in use and whether index.asp search functionality is reachable.
- Review any vendor or integrator remediation guidance for SanaCMS 7.3; if no fix is available, restrict exposure or plan replacement/upgrade.
- Validate that search input and any reflected output are properly encoded or sanitized server-side.
- Deploy web application filtering and monitoring for suspicious script-bearing search requests as a compensating control.
- Check whether affected pages can execute in authenticated contexts and invalidate sessions if exploitation is suspected.
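One way to do the monitoring step above, as an added example (not code from the NVD record, the vendor or this site): a scanner that flags index.asp requests whose search value decodes to markup. It assumes W3C extended logs with cs-uri-stem, cs-uri-query and c-ip columns; the function names, the pattern and the sample log are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus

# Heuristic (assumption): a plain-text search term has no need for angle
# brackets, inline event-handler attributes or a javascript: scheme.
MARKUP = re.compile(r"[<>]|\bon[a-z]+\s*=|javascript:", re.IGNORECASE)

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are inspected too."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_search_requests(lines, page="/index.asp", param="search"):
    """Scan W3C extended log lines; return (line_no, client_ip, decoded_value)."""
    fields, hits = [], []
    for line_no, line in enumerate(lines, 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-uri-stem", "").lower() != page:
            continue
        query = parse_qs(row.get("cs-uri-query", ""), keep_blank_values=True)
        for key, values in query.items():
            if key.lower() != param:  # ASP request keys are case-insensitive
                continue
            for value in values:
                decoded = decode_fully(value)
                if MARKUP.search(decoded):
                    hits.append((line_no, row.get("c-ip", "-"), decoded))
    return hits

# Constructed sample log (documentation IP ranges), not from a real server.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2017-02-04 10:00:01 GET /index.asp search=annual+report 198.51.100.7 200
2017-02-04 10:00:05 GET /index.asp search=%3Cscript%3Etest%3C%2Fscript%3E 203.0.113.9 200
2017-02-04 10:00:09 GET /index.asp Search=%253Cb%253Ex 203.0.113.9 200
2017-02-04 10:00:12 GET /news.asp search=%3Cb%3E 198.51.100.7 200
""".splitlines()

if __name__ == "__main__":
    print(flag_search_requests(SAMPLE_LOG))
```

Hits are triage leads rather than proof of exploitation: a legitimate query containing an angle bracket will also match, and values sent in a POST body do not appear in cs-uri-query.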
Evidence notes
All factual claims in this brief are taken from the supplied NVD-derived record and its references. The record identifies CVE-2017-5882 as a CWE-79 XSS issue in SANADATA SanaCMS 7.3, affecting index.asp via the search parameter, with CVSS 6.1 and the vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. References supplied with the record include a SecurityFocus BID entry and a CXSecurity third-party advisory. No KEV listing was provided in the source corpus. The CVE publication date used here is 2017-02-04, per the supplied timeline.
Official resources
- CVE-2017-5882 CVE record (CVE.org)
- CVE-2017-5882 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
- Mitigation or vendor reference ([email protected] - Exploit, Third Party Advisory)
Publicly disclosed in the supplied record on 2017-02-04. No Known Exploited Vulnerability status was provided in the source corpus.