[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] Stored XSS vulnerability in Tine 2.0 Community Edition <= 2017.08.3
From: chbi () chbi ! eu
Date: 2017-09-29 17:29:07
Message-ID: e1f1ca85-d911-724b-e9b5-ef5e8132c074 () chbi ! eu
[Download RAW message or body]
[Attachment #2 (multipart/mixed)]
> Stored XSS vulnerability via IMG tag at "History" of Profile, Calendar,
> Tasks and CRM allows an authenticated user to inject JavaScript which is
> triggered by the application administrator and other users.
CVE-2017-14922 has been assigned.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14922
> Stored XSS vulnerability via IMG tag at "Leadname" of CRM allows an
> authenticated user to inject JavaScript which is triggered by the
> application administrator and other users.
CVE-2017-14923 has been assigned.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14923
> Stored XSS vulnerability via IMG tag at "Filename" of Filemanager allows
> an authenticated user to inject JavaScript which is triggered by the
> application administrator and other users.
CVE-2017-14921 has been assigned.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14921
--
chbi
https://chbi.eu
GPG: 3DE9 9187 4BE9 EAE6 3CA8 DC20 BA7B 93F9 9037 AE7E
https://chbi.eu/chbi.asc
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic