CVE-2012-6339

Name of the Vulnerable Software and Affected Versions Cerberus FTP Server versions prior to 5.0.6.0

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via a log entry that is not properly handled within the Log Manager component. Additionally, remote authenticated administrators might be able to inject arbitrary web script or HTML via a Messages field to the servermanager program.

Recommendations For versions prior to 5.0.6.0, update to version 5.0.6.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Log Manager component and limiting the ability of administrators to inject content via the Messages field until a patch is applied.