Podatność CVE-2017-9140

Podatność CVE-2017-9140

Publikacja: 2017-05-22

Opis:

Typ:

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

Ogólna skala CVSS	Znaczenie	Łatwość wykorzystania
4.3/10	2.9/10	8.6/10

Affected software
Telerik -> Asp.net webforms report viewer
Progress -> Sitefinity cms

http://www.telerik.com/support/whats-new/reporting/release-history/telerik-reporting-r1-2017-sp2-(version-11-0-17-406

)

https://knowledgebase.progress.com/articles/Article/Security-Advisory-for-Resolving-Security-vulnerabilities-September-2018

https://www.veracode.com/blog/research/anatomy-cross-site-scripting-flaw-telerik-reporting-module