Lucene search
PRIOn knowledge basePRION:CVE-2017-14922HistorySep 30, 2017 - 1:29 a.m.
Cross site scripting
2017-09-3001:29:00
PRIOn knowledge base
www.prio-n.com
2
Stored XSS vulnerability via IMG element at “History” of Profile, Calendar, Tasks, and CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.
References
openwall.com/lists/oss-security/2017/09/28/11
github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/146c5aaafd826c1c8990333c393bff6f64c90786
github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/24e39e1e930097b8793a03b8864d3c484ede546b
github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/bc8a6fbd3128cf5ef27d808f6c6ba869fdc2262b
github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/releases
Related
cvelist
cvelist
CVE-2017-14922
2017-09-29 07:00:00
cve
cve
CVE-2017-14922
2017-09-30 01:29:01
nvd
nvd
CVE-2017-14922
2017-09-30 01:29:01
osv
osv
CVE-2017-14922
2017-09-30 01:29:01