Back to search
CVE-2017-5246
Published: Jul 18, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces ({{ }}). This expression will be evaluated by any other authenticated user who views the attacker's display name. Affected versions are 5.0.0000 through 5.1.1026. The Issue is fixed in 5.1.1028.
| Vendor | Product | Versions |
|---|---|---|
Biscom | Secure File Transfer | affected 5.0.0000 through 5.1.1026 |
References
https://twitter.com/i_bo0om/status/885050741567750145
x_refsource_MISC
https://cve.biscom.com/bis-sft-cv-0004/
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now