製品・ソフトウェアに関する情報

JVN脆弱性詳細

Tine 2.0 Community Edition におけるクロスサイトスクリプティングの脆弱性

Title	Tine 2.0 Community Edition におけるクロスサイトスクリプティングの脆弱性
Summary	Tine 2.0 Community Edition には、クロスサイトスクリプティングの脆弱性が存在します。
Possible impacts	情報を取得される、および情報を改ざんされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Sept. 9, 2017, midnight
Registration Date	Oct. 19, 2017, 5:45 p.m.
Last Update	Oct. 19, 2017, 5:45 p.m.

Affected System

tine20

Tine 2.0 Community Edition 2017.08.4 より前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-14922	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14922
National Vulnerability Database (NVD)
2	CVE-2017-14922	https://nvd.nist.gov/vuln/detail/CVE-2017-14922

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-79	https://jvndb.jvn.jp/ja/cwe/CWE-79.html

ベンダー情報

No	Name	URL
GitHub
1	name might not be displayed correctly	https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/bc8a6fbd3128cf5ef27d808f6c6ba869fdc2262b
2	node delte might fail	https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/146c5aaafd826c1c8990333c393bff6f64c90786
3	node exists exception broken	https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/24e39e1e930097b8793a03b8864d3c484ede546b
4	Releases	https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/releases

Change Log

No	Changed Details	Date of change
0	[2017年10月19日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2017-14922

Summary	Stored XSS vulnerability via IMG element at "History" of Profile, Calendar, Tasks, and CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.
Publication Date	Sept. 30, 2017, 10:29 a.m.
Registration Date	Jan. 26, 2021, 1:16 p.m.
Last Update	Nov. 21, 2024, 12:13 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:tine20:tine_2.0:::::community:::*			2017.08.3

Related information, measures and tools

No	URL	タグ
1	http://openwall.com/lists/oss-security/2017/09/28/11	Mailing List Patch Third Party Advisory
2	http://openwall.com/lists/oss-security/2017/09/28/11	Mailing List Patch Third Party Advisory
3	https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/146c5aaafd826c1c8990333c393bff6f64c90786	Issue Tracking Patch Third Party Advisory
4	https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/146c5aaafd826c1c8990333c393bff6f64c90786	Issue Tracking Patch Third Party Advisory
5	https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/24e39e1e930097b8793a03b8864d3c484ede546b	Issue Tracking Patch Third Party Advisory
6	https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/24e39e1e930097b8793a03b8864d3c484ede546b	Issue Tracking Patch Third Party Advisory
7	https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/bc8a6fbd3128cf5ef27d808f6c6ba869fdc2262b	Issue Tracking Patch Third Party Advisory
8	https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/commit/bc8a6fbd3128cf5ef27d808f6c6ba869fdc2262b	Issue Tracking Patch Third Party Advisory
9	https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/releases	Issue Tracking Patch Release Notes Third Party Advisory
10	https://github.com/tine20/Tine-2.0-Open-Source-Groupware-and-CRM/releases	Issue Tracking Patch Release Notes Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html