CVE-2017-9140
N/A
N/A
Summary
Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.telerik.com/support/whats-new/reporting/release-history/telerik-reporting-r1-2017-sp2-%28version-11-0-17-406%29
- https://knowledgebase.progress.com/articles/Article/Security-Advisory-for-Resolving-Security-vulnerabilities-September-2018
- https://www.veracode.com/blog/research/anatomy-cross-site-scripting-flaw-telerik-reporting-module
References
- http://www.telerik.com/support/whats-new/reporting/release-history/telerik-reporting-r1-2017-sp2-%28version-11-0-17-406%29
- https://knowledgebase.progress.com/articles/Article/Security-Advisory-for-Resolving-Security-vulnerabilities-September-2018
- https://www.veracode.com/blog/research/anatomy-cross-site-scripting-flaw-telerik-reporting-module
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.