CVE-2017-14920

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-14920
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14920.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-14920
Aliases
Published
2017-09-30T01:29:01.867Z
Modified
2026-04-10T03:57:21.094757Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator.

References

Affected packages

Git / github.com/egroupware/egroupware

Affected ranges

Type
GIT
Repo
https://github.com/egroupware/egroupware
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
92f25dd9e2ae43527b2e2fccde028a4cfd9cb295
Fixed
0ececf8c78f1c3f9ba15465f53a682dd7d89529f
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.1.20170703"
        }
    ]
}

Affected versions

16.*
16.1.20160603
16.1.20160627
16.1.20160708
16.1.20160715
16.1.20160801
16.1.20160810
16.1.20160905
16.1.20161006
16.1.20161102
16.1.20161208
16.1.20170118
16.1.20170203
16.1.20170315
16.1.20170415
16.1.20170612
16.1.20170703

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14920.json"