Cross-site scripting (XSS) vulnerability in js/ViewerPanel.js in the file previewer plugin in Kopano WebApp versions 3.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a specially crafted previewable file.
References
Link | Resource |
---|---|
https://stash.kopano.io/projects/KWA/repos/filepreviewer/commits/85d2b5c2d27f461bba12e9491fcc4b0d8fde771a | Third Party Advisory |
Configurations
Information
Published : 2017-07-26 10:29
Updated : 2017-08-07 07:45
NVD link : CVE-2017-11666
Mitre link : CVE-2017-11666
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
kopano
- webapp