Stored XSS Vulnerability in eGroupware Community Edition Affects Multiple Versions
CVE-2017-14920

6.1MEDIUM

Key Information:

Vendor: Egroupware
Status: Egroupware
Vendor: CVE Published:; 30 September 2017

What is CVE-2017-14920?

The eGroupware Community Edition before version 16.1.20170922 has a vulnerability that allows unauthenticated remote attackers to inject malicious JavaScript code via the User-Agent HTTP header. This input is improperly handled during rendering by the application administrator interface, leading to potential exploitation of the affected system. It's crucial for users of the software to implement necessary updates to mitigate this issue, ensuring their web applications are secure against such injection attacks.

References

http://openwall.com/lists/oss-security/2017/09/28/12

x_refsource_MISC

https://github.com/EGroupware/egroupware/commit/0ececf8c7...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 30, 2017
Vulnerability Reserved
Sep 29, 2017

Egroupware

What is CVE-2017-14920?

References

CVSS V3.1

Timeline