Medium severity5.4NVD Advisory· Published Sep 30, 2017· Updated May 13, 2026

CVE-2017-14923

Description

Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.

Affected products

Tine20/Tine 2.0
cpe:2.3:a:tine20:tine_2.0:*:*:*:*:community:*:*:*
Range: <=2017.08.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

openwall.com/lists/oss-security/2017/09/28/11nvdMailing ListPatchThird Party Advisory
github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/146c5aaafd826c1c8990333c393bff6f64c90786nvdIssue TrackingPatchThird Party Advisory
github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/24e39e1e930097b8793a03b8864d3c484ede546bnvdIssue TrackingPatchThird Party Advisory
github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/bc8a6fbd3128cf5ef27d808f6c6ba869fdc2262bnvdIssue TrackingPatchThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.351
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000