CVE-2010-1068

Name of the Vulnerable Software and Affected Versions SurgeFTP version 2.3a6

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the domainid and classid parameters in a class action are vulnerable.

Recommendations For SurgeFTP version 2.3a6, avoid using the domainid and classid parameters in the affected API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the surgeftpmgr.cgi module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.