Medium severity4.3NVD Advisory· Published Jul 18, 2017· Updated May 13, 2026

CVE-2017-5246

Description

Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces ({{ }}). This expression will be evaluated by any other authenticated user who views the attacker's display name. Affected versions are 5.0.0000 through 5.1.1026. The Issue is fixed in 5.1.1028.

Affected products

Biscom/Secure File Transferv52 versions
5.0.0000 through 5.1.1026+ 1 more
- (no CPE)range: 5.0.0000 through 5.1.1026
- cpe:2.3:a:biscom:secure_file_transfer:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

twitter.com/i_bo0om/status/885050741567750145nvdThird Party Advisory
cve.biscom.com/bis-sft-cv-0004/nvd

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000