CVE-2017-14923 — MEDIUM (5.4)

Q: How severe is CVE-2017-14923?

CVE-2017-14923 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-14923?

Check the references section above for vendor advisories and patch information. Affected products include: Tine20 Tine 2.0.

Vulnerability Description

Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.

CVSS Score

5.4

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Tine20	Tine 2.0	<= 2017.08.3

Related Weaknesses (CWE)

CWE-79

References

http://openwall.com/lists/oss-security/2017/09/28/11Mailing ListPatchThird Party Advisory
https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/146c5aaaIssue TrackingPatchThird Party Advisory
https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/24e39e1eIssue TrackingPatchThird Party Advisory
https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/bc8a6fbdIssue TrackingPatchThird Party Advisory
https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/releasesIssue TrackingPatchRelease Notes
http://openwall.com/lists/oss-security/2017/09/28/11Mailing ListPatchThird Party Advisory
https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/146c5aaaIssue TrackingPatchThird Party Advisory
https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/24e39e1eIssue TrackingPatchThird Party Advisory
https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/bc8a6fbdIssue TrackingPatchThird Party Advisory
https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/releasesIssue TrackingPatchRelease Notes

FAQ

What is CVE-2017-14923?

CVE-2017-14923 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by ...

How severe is CVE-2017-14923?

CVE-2017-14923 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-14923?

Check the references section above for vendor advisories and patch information. Affected products include: Tine20 Tine 2.0.