CVE-2017-17714

Name of the Vulnerable Software and Affected Versions Trape versions prior to 2017-11-05

Description The issue allows for XSS attacks through various parameters and HTTP headers, including the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter.

Recommendations For Trape versions prior to 2017-11-05, update to a version released after 2017-11-05 to resolve the issue. As a temporary workaround, consider restricting access to the affected API endpoints, such as /nr, /register, and /tping, until a patch is available. Avoid using the vulnerable parameters, such as red, vId, User-Agent, country, countryCode, cpu, isp, lat, lon, org, query, region, regionName, timezone, and zip, in the affected API endpoints until the issue is resolved.