Medium severity4.3NVD Advisory· Published Jul 18, 2017· Updated Jun 17, 2026
CVE-2017-5246
CVE-2017-5246
Description
Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces ({{ }}). This expression will be evaluated by any other authenticated user who views the attacker's display name. Affected versions are 5.0.0000 through 5.1.1026. The Issue is fixed in 5.1.1028.
Affected products
3cpe:2.3:a:biscom:secure_file_transfer:-:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:biscom:secure_file_transfer:-:*:*:*:*:*:*:*
- (no CPE)range: 5.0.0000 - 5.1.1026
- (no CPE)range: 5.0.0000 through 5.1.1026
Patches
Vulnerability mechanics
References
2- twitter.com/i_bo0om/status/885050741567750145nvdThird Party Advisory
- cve.biscom.com/bis-sft-cv-0004/nvd
News mentions
0No linked articles in our index yet.