Lucene search
MitreCVELIST:CVE-2017-14922HistorySep 29, 2017 - 7:00 a.m.
CVE-2017-14922
2017-09-2907:00:00
mitre
www.cve.org
3
EPSS
0.001
Percentile
39.9%
Stored XSS vulnerability via IMG element at βHistoryβ of Profile, Calendar, Tasks, and CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.
References
openwall.com/lists/oss-security/2017/09/28/11
github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/146c5aaafd826c1c8990333c393bff6f64c90786
github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/24e39e1e930097b8793a03b8864d3c484ede546b
github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/bc8a6fbd3128cf5ef27d808f6c6ba869fdc2262b
github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/releases
Related
cve
cve
CVE-2017-14922
2017-09-30 01:29:01
prion
prion
Cross site scripting
2017-09-30 01:29:00
nvd
nvd
CVE-2017-14922
2017-09-30 01:29:01
osv
osv
CVE-2017-14922
2017-09-30 01:29:01