Lucene search

K

GoogleOSV:CVE-2017-14922

HistorySep 30, 2017 - 1:29 a.m.

CVE-2017-14922

2017-09-3001:29:01

Google

osv.dev

5

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

39.9%

Stored XSS vulnerability via IMG element at “History” of Profile, Calendar, Tasks, and CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.

References

openwall.com/lists/oss-security/2017/09/28/11

github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/146c5aaafd826c1c8990333c393bff6f64c90786

github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/24e39e1e930097b8793a03b8864d3c484ede546b

github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/bc8a6fbd3128cf5ef27d808f6c6ba869fdc2262b

github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/releases

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

39.9%

Related for OSV:CVE-2017-14922

cve1 cvelist1 prion1 nvd1