PT-2017-15109 · Surgeftp · Surgeftp
Published
2017-12-29
·
Updated
2021-09-10
·
CVE-2017-17933
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
SurgeFTP version 23f2
Description
The issue concerns the Web Manager interface, specifically cgi/surgeftpmgr.cgi, which is accessible on TCP port 7021 or 9021. It is susceptible to XSS attacks through the classid, domainid, or username parameters.
Recommendations
For SurgeFTP version 23f2, consider restricting access to the Web Manager interface until a fix is available. As a temporary workaround, avoid using the classid, domainid, or username parameters in the vulnerable cgi/surgeftpmgr.cgi interface.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Surgeftp