Medium severity · CVSS 6.1 · NVD Advisory · Published Sep 30, 2017 · Updated May 13, 2026
CVE-2017-14920
Description
Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header. The stored value is later rendered as raw HTML in a tooltip when an application administrator views it; the fix commit below changes the tooltip code to render `statustext` values as text by default and requires a widget to opt in explicitly (`statustext_html`) before its tooltip content is inserted as HTML.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| egroupware/egroupware (Packagist) | < 16.1.20170922 | 16.1.20170922 |
Affected products
Patches (1)
1. 0ececf8c78f1 — "Set statustext value as text by default"
4 files changed · +26 −11
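--- a/api/js/etemplate/et2_core_baseWidget.js
+++ b/api/js/etemplate/et2_core_baseWidget.js
@@ -32,6 +32,12 @@ var et2_baseWidget = (function(){ "use strict"; return et2_DOMWidget.extend(et2_
 "description": "Tooltip which is shown for this element",
 "translate": true
 },
+"statustext_html": {
+"name": "Tooltip is html",
+"type": "boolean",
+"description": "Flag to allow html content in tooltip",
+"default": false
+},
 "align": {
 "name": "Align",
 "type": "string",
@@ -277,7 +283,7 @@ var et2_baseWidget = (function(){ "use strict"; return et2_DOMWidget.extend(et2_
 if (_value && _value != '')
 {
-this.egw().tooltipBind(elem, _value);
+this.egw().tooltipBind(elem, _value, this.options.statustext_html);
 this._tooltipElem = elem;
 }
 }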
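Review bot: The new `statustext_html` option moves the escaping decision to every widget and template that sets it, but its description does not say that the value is then inserted into the DOM unescaped, so a template author flipping it to `true` on a server-supplied string reopens exactly the path this commit closes. I would make the contract explicit in the option text: `"description": "Flag to allow html content in tooltip. Only set it when the value is built from escaped fragments (e.g. egw.htmlspecialchars); the raw string is inserted into the DOM."`. It is also worth confirming that the `"type": "boolean"` declaration converts the template attribute value `"true"` before it reaches `tooltipBind`, since the call in the second hunk passes `this.options.statustext_html` through as-is. The function containing that second hunk (presumably `set_statustext`) begins before the hunk.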
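--- a/api/js/jsapi/egw_tooltip.js
+++ b/api/js/jsapi/egw_tooltip.js
@@ -106,16 +106,24 @@ egw.extend('tooltip', egw.MODULE_WND_LOCAL, function(_app, _wnd)
 * Creates the tooltip_div with the given text.
 *
 * @param {string} _html
+ * @param {boolean} _isHtml if set to true content gets appended as html
 */
-function prepare(_html)
+function prepare(_html, _isHtml)
 {
 // Free and null the old tooltip_div
 hide();
 //Generate the tooltip div, set it's text and append it to the body tag
 tooltip_div = jQuery(_wnd.document.createElement('div'));
 tooltip_div.hide();
-tooltip_div.append(_html);
+if (_isHtml)
+{
+tooltip_div.append(_html);
+}
+else
+{
+tooltip_div.text(_html)
+}
 tooltip_div.addClass("egw_tooltip");
 jQuery(_wnd.document.body).append(tooltip_div);
@@ -156,14 +164,14 @@ egw.extend('tooltip', egw.MODULE_WND_LOCAL, function(_app, _wnd)
 * has to be a jQuery node.
 * @param _html is the html code which should be shown as tooltip.
 */
-tooltipBind: function(_elem, _html) {
+tooltipBind: function(_elem, _html, _isHtml) {
 if (_html != '')
 {
 _elem.bind('mouseenter.tooltip', function(e) {
 if (_elem != current_elem)
 {
 //Prepare the tooltip
-prepare(_html);
+prepare(_html, _isHtml);
 // Set the current element the mouse is over and
 // initialize the position variables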
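Review bot: The public `tooltipBind` docblock in the second hunk still describes `_html` as "the html code which should be shown as tooltip" and says nothing about the new `_isHtml` parameter, so a caller reading the API docs would still assume markup is honoured by default when it is now rendered as text. I would replace that line with `* @param {string} _html text shown as tooltip; treated as markup only when _isHtml is true` and add `* @param {boolean} _isHtml true to insert _html as html (caller must escape it); defaults to text`, and give `prepare`'s `@param {string} _html` the same wording. In the first hunk `tooltip_div.text(_html)` is also missing its semicolon; `tooltip_div.text(_html);` keeps it consistent with the surrounding statements. The body of `tooltipBind` continues past the end of the hunk.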
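--- a/calendar/js/et2_widget_event.js
+++ b/calendar/js/et2_widget_event.js
@@ -79,6 +79,7 @@ var et2_calendar_event = (function(){ "use strict"; return et2_valueWidget.exten
 // Tooltip
 if(!event._tooltipElem)
 {
+event.options.statustext_html = true;
 event.set_statustext(event._tooltip());
 return event.div.trigger('mouseenter');
 }
@@ -209,7 +210,7 @@ var et2_calendar_event = (function(){ "use strict"; return et2_valueWidget.exten
 {
 parent._out_of_view();
 }
-
+
 // This should now cease to exist, as new events have been created
 this.free();
 return;
@@ -521,7 +522,7 @@ var et2_calendar_event = (function(){ "use strict"; return et2_valueWidget.exten
 '<span class="calendar_calEventTitle">'+egw.htmlspecialchars(this.options.value.title)+'</span><br>'+
 egw.htmlspecialchars(this.options.value.description)+'</p>'+
 '<p style="margin: 2px 0px;">'+times+'</p>'+
-(this.options.value.location ? '<p><span class="calendar_calEventLabel">'+this.egw().lang('Location') + '</span>:' +
+(this.options.value.location ? '<p><span class="calendar_calEventLabel">'+this.egw().lang('Location') + '</span>:' +
 egw.htmlspecialchars(this.options.value.location)+'</p>' : '')+
 (cat_label ? '<p><span class="calendar_calEventLabel">'+this.egw().lang('Category') + '</span>:' + cat_label +'</p>' : '')+
 '<p><span class="calendar_calEventLabel">'+this.egw().lang('Participants')+'</span>:<br />'+
@@ -541,7 +542,7 @@ var et2_calendar_event = (function(){ "use strict"; return et2_valueWidget.exten
 {
 return '';
 }
-
+
 var participant_status = {A: 0, R: 0, T: 0, U: 0, D: 0};
 var status_label = {A: 'accepted', R: 'rejected', T: 'tentative', U: 'unknown', D: 'delegated'};
 var participant_summary = Object.keys(this.options.value.participants).length + ' ' + this.egw().lang('Participants')+': ';
@@ -914,7 +915,7 @@ var et2_calendar_event = (function(){ "use strict"; return et2_valueWidget.exten
 }
 }
 },
-
+
 /**
 * Link the actions to the DOM nodes / widget bits.
 *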
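Review bot: Once the first hunk forces `event.options.statustext_html = true`, every fragment `_tooltip()` concatenates is inserted as markup, yet in the third hunk `times` and `cat_label` are joined raw while title, description and location go through `egw.htmlspecialchars`. Unless `cat_label` and `times` are escaped where they are built (not visible here), a category name containing markup would reach the tooltip unescaped; wrapping the category as `'</span>:' + egw.htmlspecialchars(cat_label) + '</p>'` closes that gap cheaply. A comment above the opt-in, such as `// tooltip is built from escaped fragments in _tooltip(), so html is safe here`, would record why this widget is allowed to bypass the new text default. `_tooltip()` starts before the third hunk and its participants section continues after it, so those fragments need the same audit.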
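--- a/calendar/templates/default/conflicts.xet
+++ b/calendar/templates/default/conflicts.xet
@@ -14,10 +14,10 @@
 </columns>
 <rows>
 <row valign="top">
-<image src="conflicts[$row][icon_participants]" statustext="@conflicts[$row][tooltip_participants]" no_lang="1"/>
+<image src="conflicts[$row][icon_participants]" statustext_html="true" statustext="@conflicts[$row][tooltip_participants]" no_lang="1"/>
 <image src="conflicts[$row][icon_recur]" label="@conflicts[$row][text_recur]" no_lang="1"/>
 <description id="conflicts[$row][time]" no_lang="1"/>
-<vbox statustext="conflict[$row][tooltip]" orient=",0,0">
+<vbox statustext="conflict[$row][tooltip]" statustext_html="true" orient=",0,0">
 <description id="conflicts[$row][title]" no_lang="1" options="b"/>
 <description id="conflicts[$row][conflicting_participants]" no_lang="1"/>
 </vbox>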
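Review bot: Both `statustext_html="true"` opt-ins hand server-built strings (`tooltip_participants` and `conflict[$row][tooltip]`) to the tooltip as markup, and the PHP that assembles them is not part of this commit, so whether participant names are escaped there decides if these two lines reopen the injection the commit closes; that should be confirmed and noted in the template, e.g. `<!-- tooltip strings are escaped server-side; statustext_html relies on that -->`. Separately, the new `vbox` line still reads `statustext="conflict[$row][tooltip]"` while every sibling attribute uses `conflicts[$row]…`; this is pre-existing, but if it is a typo the binding resolves to nothing and the opt-in is dead code.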
References
References (4)
- openwall.com/lists/oss-security/2017/09/28/12 — NVD: Issue Tracking, Mailing List, Patch, Third Party Advisory (web)
- github.com/EGroupware/egroupware/commit/0ececf8c78f1c3f9ba15465f53a682dd7d89529f — NVD: Issue Tracking, Patch, Third Party Advisory (web)
- github.com/advisories/GHSA-qfg7-wc25-r3j2 — GHSA: Advisory
- nvd.nist.gov/vuln/detail/CVE-2017-14920 — GHSA: Advisory