Vulnerability Description
A vulnerability has been found in TrueConf Server 4.3.7 and classified as problematic. This vulnerability affects unknown code of the file /admin/conferences/get-all-status/. The manipulation of the argument keys[] leads to basic cross site scripting (Reflected). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trueconf | Server | < 5.0.2 |
Related Weaknesses (CWE)
References
- https://vuldb.com/?id.96628Permissions RequiredThird Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/41184/ExploitThird Party AdvisoryVDB Entry
- https://vuldb.com/?id.96628Permissions RequiredThird Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/41184/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2017-20114?
CVE-2017-20114 is a vulnerability with a CVSS score of 3.5 (LOW). A vulnerability has been found in TrueConf Server 4.3.7 and classified as problematic. This vulnerability affects unknown code of the file /admin/conferences/get-all-status/. The manipulation of the a...
How severe is CVE-2017-20114?
CVE-2017-20114 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-20114?
Check the references section above for vendor advisories and patch information. Affected products include: Trueconf Server.