CVE-2017-14923

Published: Sep 29, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/releases

x_refsource_MISC

https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/24e39e1e930097b8793a03b8864d3c484ede546b

x_refsource_MISC

https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/bc8a6fbd3128cf5ef27d808f6c6ba869fdc2262b

x_refsource_MISC

https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/146c5aaafd826c1c8990333c393bff6f64c90786

x_refsource_MISC

http://openwall.com/lists/oss-security/2017/09/28/11

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-14923

Description

Affected Products

References