CVE-2005-4567

Name of the Vulnerable Software and Affected Versions FTGate versions 4.4 (Build 4.4.000 Oct 26 2005)

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved by sending specific parameters to certain endpoints, such as the href parameter to "index.fts", or the param1 parameter to "/domains/index.fts", "/config/licence.fts", or "/config/systemacl.fts".

Recommendations For FTGate version 4.4 (Build 4.4.000 Oct 26 2005), consider restricting access to the mentioned endpoints as a temporary workaround until a patch is available. Avoid using the href and param1 parameters in the affected API endpoints until the issue is resolved.