3 matches found
CVE-2017-17525
guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
CVE-2017-17525
guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
CVE-2017-17525
CVE-2017-17525 affects guiclient/guiclient.cpp in xTuple PostBooks 4.7.0, where the BROWSER environment variable is used without validating the launched program’s arguments. This can enable remote argument-injection via a crafted URL. Public records consistently describe the issue and its impact,...