SurgeFTP Admin Multiple Reflected Cross-site Scripting Vulnerabilities

Information

Severity

Severity

Medium

Family

Family

FTP

CVSSv2 Base

CVSSv2 Base

5.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Solution Type

Solution Type

Vendor Wont Fix

Created

Created

10 years ago

Modified

Modified

3 years ago

Summary

This host is running SurgeFTP Server and is prone to multiple reflected cross-site scripting vulnerabilities.

Insight

Insight

Input passed through the POST parameters 'fname', 'last', 'class_name', 'filter', 'domainid', and 'classid' in '/cgi/surgeftpmgr.cgi' is not sanitized properly. Allowing the attacker to execute HTML code into admin's browser session.

Affected Software

Affected Software

SurgeFTP version 2.3b6.

Solution

Solution

No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Want the latest vulnerabilities news?

Sign up to stay up to date. It is free and always will be.

Processing. Please wait...

We care about the protection of your data. Read our Privacy Policy.