VYPR
Medium severity4.3NVD Advisory· Published Jul 18, 2017· Updated Jun 17, 2026

CVE-2017-5246

CVE-2017-5246

Description

Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces ({{ }}). This expression will be evaluated by any other authenticated user who views the attacker's display name. Affected versions are 5.0.0000 through 5.1.1026. The Issue is fixed in 5.1.1028.

Affected products

3
  • cpe:2.3:a:biscom:secure_file_transfer:-:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:biscom:secure_file_transfer:-:*:*:*:*:*:*:*
    • (no CPE)range: 5.0.0000 - 5.1.1026
    • (no CPE)range: 5.0.0000 through 5.1.1026

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.