VYPR
Medium severity6.1NVD Advisory· Published Sep 30, 2017· Updated Jun 17, 2026

CVE-2017-14920

CVE-2017-14920

Description

Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
egroupware/egroupwarePackagist
< 16.1.2017092216.1.20170922

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.