PT-2017-13587 · Suse · Portus+1

Ricardo Sánchez

Published

2017-09-20

Updated

2017-10-06

CVE-2017-14621

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Portus version 2.2.0

Description The issue is related to a XSS vulnerability via the Team field, which is connected to the typeahead functionality.

Recommendations For Portus version 2.2.0, consider disabling the typeahead functionality for the Team field as a temporary workaround until a patch is available.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2017-14621

SUSE-SU-2017:2655-1

SUSE-SU-2017_2655-1

Affected Products

Portus

Suse

PT-2017-13587 · Suse · Portus+1

CVE-2017-14621

Weakness Enumeration

Related Identifiers

Affected Products

References · 10