PT-2010-1457 · Accellion · Accellion Secure File Transfer Appliance

Published: 2010-02-19 · Updated: 2017-08-17 · CVE-2009-4647

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Accellion Secure File Transfer Appliance versions prior to 7 0 296

Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the username parameter. This occurs because the parameter is not properly handled when the administrator views audit logs.

Recommendations: For versions prior to 7 0 296, update to version 7 0 296 or later to resolve the issue. As a temporary workaround, consider restricting access to the audit logs until the update is applied. Avoid using the username parameter in sensitive operations until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2009-4647

Affected Products

Accellion Secure File Transfer Appliance