PT-2019-9586 · Blue Coat Systems · Asg+1

Published: 2019-08-29 · Updated: 2021-07-08 · CVE-2018-18370

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

ASG versions 6.6 through 6.7.4.1
ProxySG versions 6.5 through 6.5.10.14
ProxySG versions 6.6 through 6.7.4.1

Description

A stored cross-site scripting (XSS) vulnerability in the WebFTP mode of the ASG/ProxySG FTP proxy allows a remote attacker to inject malicious JavaScript code into the web listing of a remote FTP server. The injected code is delivered when a user accesses an FTP server via an ftp:// URL in a web browser. To exploit the vulnerability, the attacker must be able to upload crafted files to the remote FTP server.

Recommendations

For ASG versions 6.6 through 6.7.4.1, update to version 6.7.4.2 or later.
For ProxySG versions 6.5 through 6.5.10.14, update to version 6.5.10.15 or later.
For ProxySG versions 6.6 through 6.7.4.1, update to version 6.7.4.2 or later.
As a temporary workaround, consider restricting access to the WebFTP mode until a patch is available.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2018-18370

Affected Products

Asg
Proxysg