Upstream information

CVE-2017-5246 at MITRE

Description

Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces ({{ }}). This expression will be evaluated by any other authenticated user who views the attacker's display name. Affected versions are 5.0.0000 through 5.1.1026. The Issue is fixed in 5.1.1028.

SUSE information

Overall state of this security issue: Does not affect SUSE products

SUSE Bugzilla entry: 1074973 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.


SUSE Timeline for this CVE

CVE page created: Tue Jul 18 23:47:08 2017
CVE page last modified: Wed Mar 29 11:36:48 2023