Vulnerability Details CVE-2017-14920
Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 78.1%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
Products affected by CVE-2017-14920
- cpe:2.3:a:egroupware:egroupware:14.1.20140417
- cpe:2.3:a:egroupware:egroupware:14.1.20140419
- cpe:2.3:a:egroupware:egroupware:14.1.20140424
- cpe:2.3:a:egroupware:egroupware:14.1.20140425
- cpe:2.3:a:egroupware:egroupware:14.1.20140429
- cpe:2.3:a:egroupware:egroupware:14.1.20140512
- cpe:2.3:a:egroupware:egroupware:14.1.20140514
- cpe:2.3:a:egroupware:egroupware:14.1.20140617
- cpe:2.3:a:egroupware:egroupware:14.1.20140627
- cpe:2.3:a:egroupware:egroupware:14.1.20140630
- cpe:2.3:a:egroupware:egroupware:14.1.20140708
- cpe:2.3:a:egroupware:egroupware:14.1.20140710
- cpe:2.3:a:egroupware:egroupware:14.1.20140714
- cpe:2.3:a:egroupware:egroupware:14.1.20140724
- cpe:2.3:a:egroupware:egroupware:14.1.20140725
- cpe:2.3:a:egroupware:egroupware:14.1.20140731
- cpe:2.3:a:egroupware:egroupware:14.1.20140812
- cpe:2.3:a:egroupware:egroupware:14.1.20140827
- cpe:2.3:a:egroupware:egroupware:14.1.20140828
- cpe:2.3:a:egroupware:egroupware:14.1.20140902
- cpe:2.3:a:egroupware:egroupware:14.1.20140903
- cpe:2.3:a:egroupware:egroupware:14.1.20140909
- cpe:2.3:a:egroupware:egroupware:14.1.20140910
- cpe:2.3:a:egroupware:egroupware:14.1.20140923
- cpe:2.3:a:egroupware:egroupware:14.1.20141001
- cpe:2.3:a:egroupware:egroupware:14.1.20141002
- cpe:2.3:a:egroupware:egroupware:14.1.20141007
- cpe:2.3:a:egroupware:egroupware:14.1.20141010
- cpe:2.3:a:egroupware:egroupware:14.1.20141021
- cpe:2.3:a:egroupware:egroupware:14.1.20141106
- cpe:2.3:a:egroupware:egroupware:14.1.20141112
- cpe:2.3:a:egroupware:egroupware:14.1.20141113
- cpe:2.3:a:egroupware:egroupware:14.1.20141205
- cpe:2.3:a:egroupware:egroupware:14.1.20141219
- cpe:2.3:a:egroupware:egroupware:14.1.20150113
- cpe:2.3:a:egroupware:egroupware:14.1.20150121
- cpe:2.3:a:egroupware:egroupware:14.1.20150210
- cpe:2.3:a:egroupware:egroupware:14.2.20141209
- cpe:2.3:a:egroupware:egroupware:14.2.20141210
- cpe:2.3:a:egroupware:egroupware:14.2.20141211
- cpe:2.3:a:egroupware:egroupware:14.2.20141219
- cpe:2.3:a:egroupware:egroupware:14.2.20150113
- cpe:2.3:a:egroupware:egroupware:14.2.20150121
- cpe:2.3:a:egroupware:egroupware:14.2.20150206
- cpe:2.3:a:egroupware:egroupware:14.2.20150210
- cpe:2.3:a:egroupware:egroupware:14.2.20150212
- cpe:2.3:a:egroupware:egroupware:14.2.20150218
- cpe:2.3:a:egroupware:egroupware:14.2.20150310
- cpe:2.3:a:egroupware:egroupware:14.2.20150402
- cpe:2.3:a:egroupware:egroupware:14.2.20150421
- cpe:2.3:a:egroupware:egroupware:14.2.20150428
- cpe:2.3:a:egroupware:egroupware:14.2.20150429
- cpe:2.3:a:egroupware:egroupware:14.2.20150501
- cpe:2.3:a:egroupware:egroupware:14.2.20150603
- cpe:2.3:a:egroupware:egroupware:14.2.20150707
- cpe:2.3:a:egroupware:egroupware:14.2.20150717
- cpe:2.3:a:egroupware:egroupware:14.3.20150728
- cpe:2.3:a:egroupware:egroupware:14.3.20150729
- cpe:2.3:a:egroupware:egroupware:14.3.20150811
- cpe:2.3:a:egroupware:egroupware:14.3.20150821
- cpe:2.3:a:egroupware:egroupware:14.3.20150826
- cpe:2.3:a:egroupware:egroupware:14.3.20150908
- cpe:2.3:a:egroupware:egroupware:14.3.20151012
- cpe:2.3:a:egroupware:egroupware:14.3.20151027
- cpe:2.3:a:egroupware:egroupware:14.3.20151028
- cpe:2.3:a:egroupware:egroupware:14.3.20151029
- cpe:2.3:a:egroupware:egroupware:14.3.20151030
- cpe:2.3:a:egroupware:egroupware:14.3.20151110
- cpe:2.3:a:egroupware:egroupware:14.3.20151130
- cpe:2.3:a:egroupware:egroupware:14.3.20151201
- cpe:2.3:a:egroupware:egroupware:14.3.20160112
- cpe:2.3:a:egroupware:egroupware:14.3.20160113
- cpe:2.3:a:egroupware:egroupware:14.3.20160304
- cpe:2.3:a:egroupware:egroupware:14.3.20160428
- cpe:2.3:a:egroupware:egroupware:14.3.20160512
- cpe:2.3:a:egroupware:egroupware:14.3.20160522
- cpe:2.3:a:egroupware:egroupware:14.3.20160524
- cpe:2.3:a:egroupware:egroupware:14.3.20160525
- cpe:2.3:a:egroupware:egroupware:14.3.20160708
- cpe:2.3:a:egroupware:egroupware:16.1.20160603
- cpe:2.3:a:egroupware:egroupware:16.1.20160621
- cpe:2.3:a:egroupware:egroupware:16.1.20160627
- cpe:2.3:a:egroupware:egroupware:16.1.20160630
- cpe:2.3:a:egroupware:egroupware:16.1.20160708
- cpe:2.3:a:egroupware:egroupware:16.1.20160715
- cpe:2.3:a:egroupware:egroupware:16.1.20160801
- cpe:2.3:a:egroupware:egroupware:16.1.20160810
- cpe:2.3:a:egroupware:egroupware:16.1.20160905
- cpe:2.3:a:egroupware:egroupware:16.1.20161006
- cpe:2.3:a:egroupware:egroupware:16.1.20161102
- cpe:2.3:a:egroupware:egroupware:16.1.20161107
- cpe:2.3:a:egroupware:egroupware:16.1.20161208
- cpe:2.3:a:egroupware:egroupware:16.1.20170118
- cpe:2.3:a:egroupware:egroupware:16.1.20170203
- cpe:2.3:a:egroupware:egroupware:16.1.20170315
- cpe:2.3:a:egroupware:egroupware:16.1.20170415
- cpe:2.3:a:egroupware:egroupware:16.1.20170612
- cpe:2.3:a:egroupware:egroupware:16.1.20170613
- cpe:2.3:a:egroupware:egroupware:16.1.20170703