Affected configuration(s):
cpe:/a:kopano:webapp:3.3.0
Date published: 2017-07-26T13:29:00.180-04:00
Date last modified: 2017-08-07T10:45:04.773-04:00
CVSS Score: 4.3
Principal attack vector: NETWORK
Complexity: MEDIUM
Reference URL: https://stash.kopano.io/projects/KWA/repos/filepreviewer/commits/85d2b5c2d27f461bba12e9491fcc4b0d8fde771a
Summary: Cross-site scripting (XSS) vulnerability in js/ViewerPanel.js in the file previewer plugin in Kopano WebApp versions 3.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a specially crafted previewable file.