PT-2016-5127 · Accellion · Accellion File Transfer Appliance
Orange Tsai · Published 2016-05-07 · Updated 2016-05-10 · CVE-2016-2350
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Accellion File Transfer Appliance (FTA) versions prior to FTA_9_12_40
Description
Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via unspecified input to the following endpoints: "getimageajax.php", "move_partition_frame.html", or "wmInfo.html". The CVSS vector (UI:R, S:C) reflects that a victim must open a crafted link and that the injected script runs in the victim's browser, outside the appliance itself.
Recommendations
For Accellion File Transfer Appliance (FTA) versions prior to FTA_9_12_40, update to FTA_9_12_40 or later. As a temporary workaround, restrict access to the affected endpoints until the patch is applied, and treat any input reaching them as untrusted in the meantime.
Tags: Exploit · Fix · XSS
Affected Products
Accellion File Transfer Appliance