CVE-2017-14922

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-14922
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-14922.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-14922
Published
2017-09-30T01:29:01Z
Modified
2025-01-08T10:11:43.284759Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Stored XSS vulnerability via IMG element at "History" of Profile, Calendar, Tasks, and CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.

References

Affected packages

Git / github.com/tine20/tine-2.0-open-source-groupware-and-crm

Affected ranges

Type
GIT
Repo
https://github.com/tine20/tine-2.0-open-source-groupware-and-crm
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Type
GIT
Repo
https://github.com/tine20/tine20
Events

Affected versions

Other

2011-05-1
2011-05-2
2011-05-5
2011-05-beta1-1
2011-05-rc1-1
2011-05-rc2-1
2012-03-1
2012-03-1-beta3
2012-03-1-beta3-final
2012-03-1-beta4
2012-03-1-beta5
2012-03-1-rc1
2012-03-1-rc2
2012-03-2
2012-03-3
2012-03-alpha1
2012-03-alpha2
2012-03-alpha2-2
2012-03-beta1-1
2012-03-beta2-1

2012.*

2012.10.1
2012.10.1-alpha1
2012.10.1-beta1
2012.10.1-beta2
2012.10.1-rc1
2012.10.1-rc2
2012.10.1-rc3
2012.10.2
2012.10.3
2012.10.4

2013.*

2013.03.1
2013.03.1-beta1
2013.03.1-rc1
2013.03.2
2013.03.3
2013.03.4
2013.03.5
2013.03.6
2013.03.7
2013.03.8
2013.10.1
2013.10.1-beta1
2013.10.1-beta2
2013.10.1-rc1
2013.10.1-rc2
2013.10.2
2013.10.3
2013.10.4
2013.10.5
2013.10.6

2014.*

2014.09.1
2014.09.10
2014.09.12
2014.09.2
2014.09.3
2014.09.4
2014.09.6
2014.09.7
2014.09.8
2014.09.9

2015.*

2015.07.1
2015.07.2
2015.07.3
2015.07.4
2015.07.5
2015.07.6

2016.*

2016.03.1
2016.03.2
2016.03.3
2016.03.4
2016.03.5
2016.09.1
2016.09.2
2016.09.3
2016.09.4
2016.09.5
2016.09.6
2016.09.7

2017.*

2017.02.1
2017.02.2
2017.02.3
2017.02.4
2017.02.5
2017.08.1
2017.08.2
2017.08.3