
CVE-2017-14920: eGroupware Community Edition Stored XSS vulnerability

CVSS Score
6.1 (CVSS 3.0)

Basic Information

EPSS Score
0.78159%
Published
5/17/2022
Updated
4/25/2024
KEV Status
No
Technology
PHP

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package Name
egroupware/egroupware
Ecosystem
composer
Vulnerable Versions
< 16.1.20170922
First Patched Version
16.1.20170922

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from how statustext values were handled. Before the patch, the tooltip system unconditionally interpreted statustext as HTML: prepare() inserted it with jQuery.append(), and tooltipBind() did not force text rendering. The User-Agent header is attacker-controlled; it was stored and later shown in such a tooltip without escaping when an administrator viewed the logs, so an unauthenticated remote attacker could plant script that runs in the administrator's browser session. The CVSS vector above reflects exactly that: no privileges required, user interaction by the administrator, and changed scope. The patch introduced a statustext_html flag: statustext is rendered as text by default and is only inserted as HTML when a widget explicitly marks it safe. The vulnerable functions are the ones that process and render this untrusted input without sanitization; installations at or above 16.1.20170922 carry the fix.
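The rendering decision described above, as an added example: this is constructed demonstration code, not eGroupware's tooltip implementation. The function names, the statustextHtml parameter (modelled on the statustext_html flag named in the analysis), the wrapper markup and the log rows are assumptions made for the demo. It compares the pre-patch "append as HTML" path with a "text by default, HTML only on explicit opt-in" path on a constructed User-Agent value, then runs both over a small constructed log view.

```javascript
// Added example (not eGroupware's own code): a stand-alone model of the tooltip
// rendering decision described in the root cause analysis. Function names, the
// statustextHtml flag parameter, the wrapper markup and the log rows are
// constructed for illustration.

// Constructed attacker-controlled User-Agent header carrying an XSS payload.
const ATTACKER_UA = 'Mozilla/5.0 <img src=x onerror="alert(document.cookie)">';

const TOOLTIP_OPEN = '<div class="egw_tooltip">';
const TOOLTIP_CLOSE = '</div>';

// Escapes the five characters that let text break out of an HTML text node
// or a quoted attribute value.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Pre-patch behaviour: statustext is inserted as raw HTML regardless of where
// it came from (the string-building equivalent of jQuery.append(statustext)).
function renderTooltipVulnerable(statustext) {
  return TOOLTIP_OPEN + statustext + TOOLTIP_CLOSE;
}

// Post-patch behaviour: text rendering by default; raw HTML only when the
// caller explicitly marks the value as trusted HTML (statustextHtml = true).
function renderTooltipFixed(statustext, statustextHtml = false) {
  const body = statustextHtml ? statustext : escapeHtml(statustext);
  return TOOLTIP_OPEN + body + TOOLTIP_CLOSE;
}

// Crude check used by this example only: does the tooltip body still contain a
// tag opener? An escaped body has no '<' left, so attacker text cannot start a
// tag, even though the literal characters "onerror=" survive harmlessly as text.
function containsRawTag(html) {
  const body = html.slice(TOOLTIP_OPEN.length, html.length - TOOLTIP_CLOSE.length);
  return /<[a-z!\/]/i.test(body);
}

// Constructed admin-side log rows; only the User-Agent column is untrusted.
const ACCESS_LOG = [
  { ip: '203.0.113.7', ua: 'Mozilla/5.0 (X11; Linux x86_64) Firefox/52.0' },
  { ip: '198.51.100.9', ua: ATTACKER_UA },
];

// Renders one tooltip per log row with the given renderer and returns how many
// of them still carry raw markup, i.e. would execute in the admin's browser.
function countTaintedTooltips(rows, render) {
  return rows
    .map((row) => render(`${row.ip} ${row.ua}`))
    .filter(containsRawTag).length;
}

console.log('vulnerable:', renderTooltipVulnerable(ATTACKER_UA));
console.log('fixed:     ', renderTooltipFixed(ATTACKER_UA));
console.log('tainted tooltips (vulnerable):', countTaintedTooltips(ACCESS_LOG, renderTooltipVulnerable));
console.log('tainted tooltips (fixed):     ', countTaintedTooltips(ACCESS_LOG, renderTooltipFixed));
```

Run it with node to see the two renderings side by side. The point of the fixed path is that it does not try to filter dangerous substrings such as "onerror" out of the header; it changes the default rendering context to text, so the payload arrives in the administrator's browser as inert characters, and HTML is only possible where a widget explicitly opts in.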

WAF Protection Rules

WAF Rule

Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator.

Reasoning

The vulnerability stems from how statustext values were handled. Before the patch, the tooltip system unconditionally interpreted statustext as HTML via `jQuery.append()` in `prepare()`, and `tooltipBind()` didn't enforce text rendering. The `User-Ag