PT-2017-18563 · Allen · Allen Disk
Published 2017-05-08 · Updated 2020-03-02 · CVE-2017-8832
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Allen Disk version 1.6
Description
An attacker can exploit the id parameter of the "downfile.php" endpoint to perform a cross-site scripting (XSS) attack.
Recommendations
For Allen Disk version 1.6, avoid using the id parameter in the "downfile.php" endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the "downfile.php" endpoint to minimize the risk of exploitation.
Fix
XSS
Affected Products
Allen Disk