First published: Sat Sep 30 2017(Updated: )
Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Egroupware Egroupware | <=16.1.20170703 | |
composer/egroupware/egroupware | <16.1.20170922 | 16.1.20170922 |
<=16.1.20170703 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.