CVE-2017-14920

Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator.
References
Link Resource
http://openwall.com/lists/oss-security/2017/09/28/12 Issue Tracking Mailing List Third Party Advisory Patch
https://github.com/EGroupware/egroupware/commit/0ececf8c78f1c3f9ba15465f53a682dd7d89529f Issue Tracking Patch Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:egroupware:egroupware:*:*:*:*:community:*:*:*

History

No history.

Information

Published : 2017-09-30 01:29

Updated : 2024-02-04 19:29


NVD link : CVE-2017-14920

Mitre link : CVE-2017-14920

CVE.ORG link : CVE-2017-14920


JSON object : View

Products Affected

egroupware

  • egroupware
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')