An issue was discovered in PhreeBooksERP before 2017-02-13. The vulnerability exists due to insufficient filtration of user-supplied data in the form HTTP GET parameter passed to the PhreeBooksERP-master/extensions/ShippingMethods/ups/label_mgr/js_include.php and PhreeBooksERP-master/extensions/ShippingMethods/yrc/label_mgr/js_include.php URLs. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. NOTE: these js_include.php files do not exist in the SourceForge stable release (aka R37RC1).
Find out more about CVE-2017-5990 from the MITRE-CVE dictionary and NIST NVD
Login may be required to access defects or downloads.
| Product Name | Status | Defect | Fixed | Downloads |
|---|---|---|---|---|
| Linux | ||||
| Wind River Linux LTS 17 | Not Vulnerable | -- | -- | -- |
| Wind River Linux 8 | Not Vulnerable | -- | -- | -- |
| Wind River Linux 9 | Not Vulnerable | -- | -- | -- |
| Wind River Linux 7 | Not Vulnerable | -- | -- | -- |
| Wind River Linux LTS 21 | Not Vulnerable | -- | -- | -- |
| Wind River Linux LTS 22 | Not Vulnerable | -- | -- | -- |
| Wind River Linux LTS 18 | Not Vulnerable | -- | -- | -- |
| Wind River Linux LTS 19 | Not Vulnerable | -- | -- | -- |
| Wind River Linux CD release | Not Vulnerable | -- | -- | -- |
| Wind River Linux 6 | Not Vulnerable | -- | -- | -- |
| Wind River Linux LTS 23 | Not Vulnerable | -- | -- | -- |
| VxWorks | ||||
| VxWorks 7 | Not Vulnerable | -- | -- | -- |
| VxWorks 6.9 | Not Vulnerable | -- | -- | -- |
| Helix Virtualization Platform Cert Edition | ||||
| Helix Virtualization Platform Cert Edition | Not Vulnerable | -- | -- | -- |
| Product Name | Status | Defect | Fixed | Downloads |
|---|
