Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.
References
Link | Resource |
---|---|
http://openwall.com/lists/oss-security/2017/09/28/11 | Mailing List Patch Third Party Advisory |
https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/146c5aaafd826c1c8990333c393bff6f64c90786 | Issue Tracking Patch Third Party Advisory |
https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/24e39e1e930097b8793a03b8864d3c484ede546b | Issue Tracking Patch Third Party Advisory |
https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/bc8a6fbd3128cf5ef27d808f6c6ba869fdc2262b | Issue Tracking Patch Third Party Advisory |
https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/releases | Issue Tracking Release Notes Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-09-29T07:00:00
Updated: 2017-09-29T06:57:01
Reserved: 2017-09-29T00:00:00
Link: CVE-2017-14923
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-09-30T01:29:01.990
Modified: 2017-10-05T16:49:06.450
Link: CVE-2017-14923
JSON object: View
Redhat Information
No data.
CWE