Hadi Nategh

1 exploit Active since Sep 2017
CVE-2017-14920 WRITEUP MEDIUM WRITEUP
eGroupware < 16.1.20170922 - Unauthenticated Stored Cross-Site Scripting via User-Agent HTTP Header
Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator.
CVSS 6.1