CVE-2017-14920

Name of the Vulnerable Software and Affected Versions eGroupware Community Edition versions prior to 16.1.20170922

Description The issue allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator. This occurs because the application fails to properly handle the User-Agent header, allowing malicious input to be executed.

Recommendations For versions prior to 16.1.20170922, update to version 16.1.20170922 or later to resolve the issue. As a temporary workaround, consider restricting access to the application administrator interface to minimize the risk of exploitation. Avoid using the User-Agent header in the affected application until the issue is resolved.