Lucene search
PRIOn knowledge basePRION:CVE-2017-9140HistoryMay 22, 2017 - 5:29 a.m.
Cross site scripting
2017-05-2205:29:00
PRIOn knowledge base
www.prio-n.com
2
0.002 Low
EPSS
Percentile
56.7%
Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd.
| CPE | Name | Operator | Version |
|---|---|---|---|
| sitefinity_cms | ge | 4.2 | |
| sitefinity_cms | le | 11.0 | |
| telerik_reporting | lt | 11.0.17.406 |
References
www.telerik.com/support/whats-new/reporting/release-history/telerik-reporting-r1-2017-sp2-(version-11-0-17-406)
knowledgebase.progress.com/articles/Article/Security-Advisory-for-Resolving-Security-vulnerabilities-September-2018
www.veracode.com/blog/research/anatomy-cross-site-scripting-flaw-telerik-reporting-module
Related
cvelist
cvelist
CVE-2017-9140
2017-05-22 04:54:00
cve
cve
CVE-2017-9140
2017-05-22 05:29:03
nvd
nvd
CVE-2017-9140
2017-05-22 05:29:03
nuclei
nuclei
Reflected XSS - Telerik Reporting Module
2021-06-09 13:10:47
nessus
nessus
Sitefinity 7.0.x < 7.0.5140.0 Multiple Vulnerabilities
2018-10-31 00:00:00
Sitefinity 6.2.x < 6.2.4930.0 Multiple Vulnerabilities
2018-10-31 00:00:00
Sitefinity 6.3.x < 6.3.5050.0 Multiple Vulnerabilities
2018-10-31 00:00:00