Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces ({{ }}). This expression will be evaluated by any other authenticated user who views the attacker's display name. Affected versions are 5.0.0000 through 5.1.1026. The Issue is fixed in 5.1.1028.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: rapid7

Published: 2017-07-18T18:00:00

Updated: 2024-08-05T14:55:35.789Z

Reserved: 2017-01-09T00:00:00

Link: CVE-2017-5246

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-07-18T18:29:00.200

Modified: 2024-11-21T03:27:21.703

Link: CVE-2017-5246

cve-icon Redhat

No data.