Medium severity5.4NVD Advisory· Published Sep 30, 2017· Updated Jun 17, 2026
CVE-2017-14921
CVE-2017-14921
Description
Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <2017.08.4
- Range: <2017.08.4
Patches
Vulnerability mechanics
References
5- openwall.com/lists/oss-security/2017/09/28/11nvdMailing ListPatchThird Party Advisory
- github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/146c5aaafd826c1c8990333c393bff6f64c90786nvdIssue TrackingPatchThird Party Advisory
- github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/24e39e1e930097b8793a03b8864d3c484ede546bnvdIssue TrackingPatchThird Party Advisory
- github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/bc8a6fbd3128cf5ef27d808f6c6ba869fdc2262bnvdIssue TrackingPatchThird Party Advisory
- github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/releasesnvdIssue TrackingPatchRelease NotesThird Party Advisory
News mentions
0No linked articles in our index yet.