Vulnerability Description
Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Egroupware | Egroupware | <= 16.1.20170703 |
Related Weaknesses (CWE)
References
- http://openwall.com/lists/oss-security/2017/09/28/12 (Issue Tracking, Mailing List, Patch)
- https://github.com/EGroupware/egroupware/commit/0ececf8c78f1c3f9ba15465f53a682dd (Issue Tracking, Patch, Third Party Advisory)
FAQ
What is CVE-2017-14920?
CVE-2017-14920 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during ...
How severe is CVE-2017-14920?
CVE-2017-14920 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-14920?
Check the references section above for vendor advisories and patch information. Affected products include: Egroupware Egroupware.