'Re: [oss-security] Stored XSS vulnerability in Tine 2.0 Community Edition <= 2017.08.3'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Stored XSS vulnerability in Tine 2.0 Community Edition <= 2017.08.3
From:       chbi () chbi ! eu
Date:       2017-09-29 17:29:07
Message-ID: e1f1ca85-d911-724b-e9b5-ef5e8132c074 () chbi ! eu
[Download RAW message or body]

[Attachment #2 (multipart/mixed)]


> Stored XSS vulnerability via IMG tag at "History" of Profile, Calendar,
> Tasks and CRM allows an authenticated user to inject JavaScript which is
> triggered by the application administrator and other users.

CVE-2017-14922 has been assigned.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14922


> Stored XSS vulnerability via IMG tag at "Leadname" of CRM allows an
> authenticated user to inject JavaScript which is triggered by the
> application administrator and other users.

CVE-2017-14923 has been assigned.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14923


> Stored XSS vulnerability via IMG tag at "Filename" of Filemanager allows
> an authenticated user to inject JavaScript which is triggered by the
> application administrator and other users.

CVE-2017-14921 has been assigned.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14921


-- 
chbi
https://chbi.eu

GPG: 3DE9 9187 4BE9 EAE6 3CA8  DC20 BA7B 93F9 9037 AE7E
     https://chbi.eu/chbi.asc


["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic