Bug 11016

Summary: [Update Request] egroupware 20
Product: [ROSA-based products] ROSA Fresh Reporter: Zombie Ryushu <zombie.ryushu>
Component: Contributed PackagesAssignee: ROSA Linux Bugs <bugs>
Status: CONFIRMED --- QA Contact: ROSA Linux Bugs <bugs>
Severity: normal    
Priority: Normal CC: alzim, andrey.bondrov, denis.silakov, mc2374
Version: KDE4   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://nvd.nist.gov/vuln/detail/CVE-2017-14920
Whiteboard:
Platform: 2021.1 ROSA Vulnerability identifier: CVE-2017-14920
RPM Package: egroupware ISO-related:
Bad POT generating: Upstream:

Description Zombie Ryushu 2020-12-06 10:59:18 MSK 
Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator.
Comment 1 Zombie Ryushu 2020-12-06 11:18:31 MSK 
This app in it's current state must be updated to conform to the demands of PHP 7.0 in Rosa 2019.1