VDB-96630 · CVE-2017-20116 · EDB-ID 41184

TrueConf Server 4.3.7 /admin/group/list/ checked_group_id Reflected cross site scripting

A vulnerability was found in TrueConf Server 4.3.7. It has been classified as problematic. Affected is an unknown function of the file /admin/group/list/. The manipulation of the argument checked_group_id leads to basic cross site scripting (Reflected). Using CWE to declare the problem leads to CWE-80. The weakness was published 01/29/2017 by LiquidWorm as EDB-ID 41184 as Exploit (Exploit-DB). The advisory is available at exploit-db.com. This vulnerability is traded as CVE-2017-20116. It is possible to launch the attack remotely. Technical details are available. Furthermore, there is an exploit available. The exploit has been disclosed to the public and may be used. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. This vulnerability is assigned to T1059.007 by the MITRE ATT&CK project. It is declared as proof-of-concept. The exploit is shared for download at exploit-db.com. As 0-day the estimated underground price was around $0-$5k. Upgrading to version 5.2.0 is able to address this issue. It is recommended to upgrade the affected component. A possible mitigation has been published even before and not after the disclosure of the vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

1	69

Field

exploit_price_0day	3
vulnerability_cvss2_vuldb_tempscore	2
vulnerability_cvss2_vuldb_rc	2
vulnerability_cvss2_vuldb_rl	2
vulnerability_cvss3_vuldb_rc	2

Commit Conf

100%	42
70%	25
90%	15
96%	4
60%	2

Approve Conf

100%	42
70%	25
90%	15
96%	4
60%	2

ID	Commited	User	Field	Change	Remarks	Accepted	Status	C
13853546	03/24/2023	VulD...	price_0day	$0-$5k	see exploit price documentation	03/24/2023	accepted	90
13853545	03/24/2023	VulD...	cvss2_vuldb_tempscore	2.7	see CVSS documentation	03/24/2023	accepted	90
13853544	03/24/2023	VulD...	upgrade_version	5.2.0	see version documentation	03/24/2023	accepted	100
13853543	03/24/2023	VulD...	name	Upgrade		03/24/2023	accepted	100
13853542	03/24/2023	VulD...	cvss2_vuldb_rc	C	see CVSS documentation	03/24/2023	accepted	100
13853541	03/24/2023	VulD...	cvss2_vuldb_rl	OF	see CVSS documentation	03/24/2023	accepted	100
13853540	03/24/2023	VulD...	cvss3_vuldb_rc	C	see CVSS documentation	03/24/2023	accepted	100
13853539	03/24/2023	VulD...	cvss3_vuldb_rl	O	see CVSS documentation	03/24/2023	accepted	100
13250884	11/12/2022	VulD...	cvss3_cna_basescore	3.5	see CVSS documentation	11/12/2022	accepted	90
13250883	11/12/2022	VulD...	cvss3_nvd_basescore	5.4	nist.gov	11/12/2022	accepted	90
13250882	11/12/2022	VulD...	cvss2_nvd_basescore	3.5	nist.gov	11/12/2022	accepted	90
13250881	11/12/2022	VulD...	cvss3_meta_tempscore	4.0	see CVSS documentation	11/12/2022	accepted	90
13250880	11/12/2022	VulD...	cvss3_meta_basescore	4.1	see CVSS documentation	11/12/2022	accepted	90
13250879	11/12/2022	VulD...	cve_cna	VulDB	nvd.nist.gov	11/12/2022	accepted	70
13250878	11/12/2022	VulD...	cvss3_cna_a	N	nvd.nist.gov	11/12/2022	accepted	70
13250877	11/12/2022	VulD...	cvss3_cna_i	L	nvd.nist.gov	11/12/2022	accepted	70
13250876	11/12/2022	VulD...	cvss3_cna_c	N	nvd.nist.gov	11/12/2022	accepted	70
13250875	11/12/2022	VulD...	cvss3_cna_s	U	nvd.nist.gov	11/12/2022	accepted	70
13250874	11/12/2022	VulD...	cvss3_cna_ui	R	nvd.nist.gov	11/12/2022	accepted	70
13250873	11/12/2022	VulD...	cvss3_cna_pr	L	nvd.nist.gov	11/12/2022	accepted	70

71 more entries are not shown

🔒 Login Required

You need to signup and login to see more of the remaining 71 results.

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!