Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces ({{ }}). This expression will be evaluated by any other authenticated user who views the attacker's display name. Affected versions are 5.0.0000 through 5.1.1026. The Issue is fixed in 5.1.1028.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: rapid7
Published: 2017-07-18T18:00:00
Updated: 2024-08-05T14:55:35.789Z
Reserved: 2017-01-09T00:00:00
Link: CVE-2017-5246
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-07-18T18:29:00.200
Modified: 2024-11-21T03:27:21.703
Link: CVE-2017-5246
Redhat
No data.