cvedb.io
CVE-2017-5246
MEDIUM · CVSS 4.3
EPSS exploitation probability: 0%
Published 2017-07-18T18:29:00.200 · Last modified 2026-06-17T01:20:14.383

Summary

Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces ({{ }}). This expression will be evaluated by any other authenticated user who views the attacker's display name. Affected versions are 5.0.0000 through 5.1.1026. The Issue is fixed in 5.1.1028.

Affected products

biscom — secure_file_transfer

Does this affect you?

Add your gear to cvedb and we'll alert you only when biscom ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.