CVE-2017-14922

Опубликовано: 30 сент. 2017

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Stored XSS vulnerability via IMG element at "History" of Profile, Calendar, Tasks, and CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.

Ссылки

http://openwall.com/lists/oss-security/2017/09/28/11
Mailing List
Patch
Third Party Advisory
https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/146c5aaafd826c1c8990333c393bff6f64c90786
Issue Tracking
Patch
Third Party Advisory
https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/24e39e1e930097b8793a03b8864d3c484ede546b
Issue Tracking
Patch
Third Party Advisory
https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/bc8a6fbd3128cf5ef27d808f6c6ba869fdc2262b
Issue Tracking
Patch
Third Party Advisory
https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/releases
Issue Tracking
Patch
Release Notes
Third Party Advisory
http://openwall.com/lists/oss-security/2017/09/28/11
Mailing List
Patch
Third Party Advisory
https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/146c5aaafd826c1c8990333c393bff6f64c90786
Issue Tracking
Patch
Third Party Advisory
https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/24e39e1e930097b8793a03b8864d3c484ede546b
Issue Tracking
Patch
Third Party Advisory
https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/bc8a6fbd3128cf5ef27d808f6c6ba869fdc2262b
Issue Tracking
Patch
Third Party Advisory
https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/releases
Issue Tracking
Patch
Release Notes
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tine20:tine_2.0:*:*:*:*:community:*:*:*

Версия до 2017.08.3 (включая)

EPSS

Процентиль: 55%

0.00325

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-hgwx-q73m-3qhx