Lucene search
MitreCVELIST:CVE-2017-9140HistoryMay 22, 2017 - 4:54 a.m.
CVE-2017-9140
2017-05-2204:54:00
mitre
www.cve.org
2
Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd.
References
www.telerik.com/support/whats-new/reporting/release-history/telerik-reporting-r1-2017-sp2-%28version-11-0-17-406%29
knowledgebase.progress.com/articles/Article/Security-Advisory-for-Resolving-Security-vulnerabilities-September-2018
www.veracode.com/blog/research/anatomy-cross-site-scripting-flaw-telerik-reporting-module
Related
prion
prion
Cross site scripting
2017-05-22 05:29:00
nvd
nvd
CVE-2017-9140
2017-05-22 05:29:03
nuclei
nuclei
Reflected XSS - Telerik Reporting Module
2021-06-09 13:10:47
cve
cve
CVE-2017-9140
2017-05-22 05:29:03
nessus
nessus
Sitefinity 7.0.x < 7.0.5140.0 Multiple Vulnerabilities
2018-10-31 00:00:00
Sitefinity 6.2.x < 6.2.4930.0 Multiple Vulnerabilities
2018-10-31 00:00:00
Sitefinity 6.3.x < 6.3.5050.0 Multiple Vulnerabilities
2018-10-31 00:00:00