CVE-2017-14920

Опубликовано: 30 сент. 2017

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator.

Ссылки

http://openwall.com/lists/oss-security/2017/09/28/12
Issue Tracking
Mailing List
Patch
Third Party Advisory
https://github.com/EGroupware/egroupware/commit/0ececf8c78f1c3f9ba15465f53a682dd7d89529f
Issue Tracking
Patch
Third Party Advisory
http://openwall.com/lists/oss-security/2017/09/28/12
Issue Tracking
Mailing List
Patch
Third Party Advisory
https://github.com/EGroupware/egroupware/commit/0ececf8c78f1c3f9ba15465f53a682dd7d89529f
Issue Tracking
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:egroupware:egroupware:*:*:*:*:community:*:*:*

Версия до 16.1.20170703 (включая)

EPSS

Процентиль: 79%

0.0122

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-qfg7-wc25-r3j2