CVE-2017-17525

CVE-2017-17525 affects guiclient/guiclient.cpp in xTuple PostBooks 4.7.0, where the BROWSER environment variable is used without validating the launched program’s arguments. This can enable remote argument-injection via a crafted URL. Public records consistently describe the issue and its impact,...