Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.
References
Link | Resource |
---|---|
http://openwall.com/lists/oss-security/2017/09/28/11 | Mailing List Patch Third Party Advisory |
https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/146c5aaafd826c1c8990333c393bff6f64c90786 | Issue Tracking Patch Third Party Advisory |
https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/24e39e1e930097b8793a03b8864d3c484ede546b | Issue Tracking Patch Third Party Advisory |
https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/bc8a6fbd3128cf5ef27d808f6c6ba869fdc2262b | Issue Tracking Patch Third Party Advisory |
https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/releases | Issue Tracking Release Notes Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-09-29T07:00:00
Updated: 2017-09-29T06:57:01
Reserved: 2017-09-29T00:00:00
Link: CVE-2017-14921
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-09-30T01:29:01.913
Modified: 2017-10-05T18:41:28.007
Link: CVE-2017-14921
JSON object: View
Redhat Information
No data.
CWE