CVE-2017-5246
Last modified
CVE-2017-5246 is a vulnerability of currently unknown severity. Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces ({{ }}). EPSS estimates a 0.60% chance of exploitation in the next 30 days.
Description
Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces ({{ }}). This expression will be evaluated by any other authenticated user who views the attacker's display name. Affected versions are 5.0.0000 through 5.1.1026. The Issue is fixed in 5.1.1028.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Biscom | Secure File Transfer | All versions |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-5246?
How severe is CVE-2017-5246?
How do I fix CVE-2017-5246?
Are you affected by CVE-2017-5246?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST