cvedb.io
CVE-2017-9140
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2017-05-22T05:29:03.583 · Last modified 2026-06-17T01:27:33.043

Summary

Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd.

Affected products

progress — telerik_reporting

Does this affect you?

Add your gear to cvedb and we'll alert you only when progress ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.