Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xZmc3LXdjMjUtcjNqMs4AAYcc
eGroupware Community Edition Stored XSS vulnerability
Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922. An unauthenticated remote attacker can inject JavaScript via the User-Agent HTTP header: the application stores the header value and later renders it without output encoding in a view used by the application administrator, so the injected script executes in the administrator's browser when that view is opened.
Permalink: https://github.com/advisories/GHSA-qfg7-wc25-r3j2
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xZmc3LXdjMjUtcjNqMs4AAYcc
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: 7 months ago
CVSS Score: 6.1
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-qfg7-wc25-r3j2, CVE-2017-14920
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-14920
- https://github.com/EGroupware/egroupware/commit/0ececf8c78f1c3f9ba15465f53a682dd7d89529f
- http://openwall.com/lists/oss-security/2017/09/28/12
- https://github.com/advisories/GHSA-qfg7-wc25-r3j2
Blast Radius: 5.5
Affected Packages
packagist:egroupware/egroupware
Dependent packages: 10
Dependent repositories: 8
Downloads: 1,198 total
Affected Version Ranges: < 16.1.20170922
Fixed in: 16.1.20170922
All affected versions: 14.2.20150121, 14.2.20150206, 14.2.20150210, 14.2.20150212, 14.2.20150218, 14.2.20150310, 14.2.20150402, 14.2.20150421, 14.2.20150428, 14.2.20150429, 14.2.20150501, 14.2.20150603, 14.2.20150707, 14.2.20150717, 14.3.20150728, 14.3.20150729, 14.3.20150811, 14.3.20150821, 14.3.20150826, 14.3.20150908, 14.3.20151012, 14.3.20151027, 14.3.20151028, 14.3.20151029, 14.3.20151030, 14.3.20151110, 14.3.20151130, 14.3.20151201, 14.3.20160112, 14.3.20160113, 14.3.20160304, 14.3.20160428, 14.3.20160512, 14.3.20160522, 14.3.20160524, 14.3.20160525, 14.3.20160708, 16.1.20160603, 16.1.20160621, 16.1.20160627, 16.1.20160630, 16.1.20160708, 16.1.20160715, 16.1.20160801, 16.1.20160810, 16.1.20160905, 16.1.20161006, 16.1.20161102, 16.1.20161107, 16.1.20161208, 16.1.20170118, 16.1.20170203, 16.1.20170315, 16.1.20170415, 16.1.20170612, 16.1.20170613, 16.1.20170703
All unaffected versions: 16.1.20170922, 16.1.20171106, 16.1.20180116, 16.1.20180130, 17.1.20171023, 17.1.20171106, 17.1.20171115, 17.1.20171129, 17.1.20171130, 17.1.20171218, 17.1.20180118, 17.1.20180130, 17.1.20180209, 17.1.20180321, 17.1.20180413, 17.1.20180523, 17.1.20180625, 17.1.20180720, 17.1.20180831, 17.1.20181018, 17.1.20181204, 17.1.20181205, 17.1.20190111, 17.1.20190214, 17.1.20190222, 17.1.20190402, 17.1.20190529, 17.1.20190808, 19.1.20190716, 19.1.20190717, 19.1.20190726, 19.1.20190806, 19.1.20190813, 19.1.20190822, 19.1.20190917, 19.1.20190925, 19.1.20191031, 19.1.20191119, 19.1.20191220, 19.1.20200130, 19.1.20200318, 19.1.20200409, 19.1.20200430, 19.1.20200605, 19.1.20200701, 20.1.20200525, 20.1.20200613, 20.1.20200628, 20.1.20200710, 20.1.20200716, 20.1.20200728, 20.1.20200731, 20.1.20200810, 20.1.20200812, 20.1.20200818, 20.1.20200901, 20.1.20200914, 20.1.20201005, 20.1.20201020, 20.1.20201028, 20.1.20201202, 20.1.20201217, 20.1.20210125, 20.1.20210324, 20.1.20210503, 21.1.20210318, 21.1.20210329, 21.1.20210406, 21.1.20210420, 21.1.20210504, 21.1.20210521, 21.1.20210629, 21.1.20210723, 21.1.20210923, 21.1.20211130, 21.1.20220207, 21.1.20220406, 21.1.20220408, 21.1.20220905, 21.1.20220916, 21.1.20221202, 21.1.20230210, 22.1.20220920, 23.1.20230110, 23.1.20230114, 23.1.20230125, 23.1.20230210, 23.1.20230228, 23.1.20230314, 23.1.20230328, 23.1.20230412, 23.1.20230428, 23.1.20230503, 23.1.20230524, 23.1.20230620, 23.1.20230726, 23.1.20230728, 23.1.20230824, 23.1.20230911, 23.1.20231110, 23.1.20231122, 23.1.20231129, 23.1.20231201, 23.1.20231219, 23.1.20231220, 23.1.20240125, 23.1.20240304, 23.1.20240430, 23.1.20240624, 23.1.20240905, 23.1.20240930, 23.1.20241008, 23.1.20241111
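The following Python block is an added example, not eGroupware code and not part of this advisory page. It illustrates two things the page states: the stored-XSS pattern in the description (an attacker-controlled User-Agent value that is stored, then interpolated into an administrator-facing HTML page unescaped, shown beside an output-encoded variant), and the affected version range (< 16.1.20170922) as a check that can be run over the version string from a deployment or composer.lock. The in-memory log, the probe User-Agent string and the render functions are constructed stand-ins for the application's PHP code; the only fact taken from the page is the fixed version.

```python
import html
import re

# Constructed sample User-Agent. Any HTTP client sets this header freely, and no
# authentication is needed for the value to reach the application's storage.
PROBE_UA = "Mozilla/5.0 <script>alert(document.domain)</script>"

# Fixed version from the advisory; eGroupware versions are "<major>.<minor>.<YYYYMMDD>".
FIXED_VERSION = "16.1.20170922"


def store_request(log, account, user_agent):
    """Stand-in for persisting a request/login record that includes the raw header."""
    log.append({"account": account, "user_agent": user_agent})


def render_log_vulnerable(log):
    """Interpolates stored values straight into HTML (the stored-XSS pattern)."""
    rows = "".join(
        f"<tr><td>{e['account']}</td><td>{e['user_agent']}</td></tr>" for e in log
    )
    return f"<table>{rows}</table>"


def render_log_hardened(log):
    """Encodes every untrusted value for the HTML text context before output."""
    rows = "".join(
        f"<tr><td>{html.escape(e['account'])}</td>"
        f"<td>{html.escape(e['user_agent'])}</td></tr>"
        for e in log
    )
    return f"<table>{rows}</table>"


def contains_active_markup(rendered):
    """Crude probe: does a literal <script ...> tag survive in the rendered output?"""
    return re.search(r"<script\b", rendered, re.IGNORECASE) is not None


def parse_version(version):
    """Parse '<major>.<minor>.<YYYYMMDD>' into a comparable tuple of ints."""
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected eGroupware version format: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(version):
    """True if the version falls in the advisory's range (< 16.1.20170922)."""
    return parse_version(version) < parse_version(FIXED_VERSION)


if __name__ == "__main__":
    log = []
    store_request(log, "nobody", PROBE_UA)
    print("vulnerable output carries <script>:",
          contains_active_markup(render_log_vulnerable(log)))
    print("hardened output carries <script>:",
          contains_active_markup(render_log_hardened(log)))
    for v in ("14.3.20160708", "16.1.20170703", "16.1.20170922", "17.1.20171023"):
        print(v, "affected" if is_affected(v) else "not affected")
```

Escaping at the output point (html.escape in the hardened renderer, htmlspecialchars in PHP) is the right fix for this class of bug; stripping or validating the header on input is not, since the same stored value may be rendered in several contexts. Note that `is_affected` compares version tuples lexically, which matches the date-stamped scheme used by the version lists above but will reject strings that do not have exactly three numeric components.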