CVE-2017-9292
Description
Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug 542782.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Lansweeper before 6.0.0.65 contains a stored XSS vulnerability via an image retrieval URI, allowing arbitrary script execution.
Vulnerability
Lansweeper, a network inventory and asset management solution, has a cross-site scripting (XSS) vulnerability in an image retrieval URI, identified as Bug 542782. The issue affects all versions prior to 6.0.0.65. The vulnerable endpoint processes user-supplied data without proper sanitization, enabling injection of malicious scripts.
Exploitation
An attacker can exploit this vulnerability by crafting an image retrieval URI containing malicious JavaScript. The attack requires no authentication and can be delivered via social engineering (e.g., tricking a user into clicking a link) or by embedding the link in a third-party site. The injected script executes in the context of the user's browser session with the Lansweeper server.
Impact
Successful exploitation allows an attacker to execute arbitrary JavaScript in the victim's browser. This can lead to session hijacking, theft of sensitive data (e.g., authentication tokens), defacement, or redirection to malicious sites. The impact is limited by the browser's security context, but can compromise user privacy and session integrity.
Mitigation
The vulnerability is fixed in Lansweeper version 6.0.0.65, released on May 29, 2017 [1]. Users should upgrade to this version or later. No workarounds are documented in the provided references.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
References: 2
News mentions: 0
No linked articles in our index yet.