PT-2020-18296 · Cerberus · Cerberus Ftp Server

Published: 2020-01-13 · Updated: 2020-01-22 · CVE-2020-5195

CVSS v3.1: 6.1 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Cerberus FTP Server versions prior to 11.0.1 (11.x branch)
Cerberus FTP Server versions prior to 10.0.17 (10.x branch)

Description
Cerberus FTP Server reflects the directory path taken from a public-folder URL into the "folder up" (up.png) IMG element of its web interface without sanitizing it. A remote attacker can therefore craft a URL to a publicly shared folder whose path component injects arbitrary HTML or JavaScript into the page (reflected XSS). Because the path modification is made on a publicly shared folder, no credentials are needed (PR:N), but the payload only runs for a victim who opens the crafted link (UI:R); it then executes in that victim's browser in the context of the server's web interface.

Recommendations
For versions prior to 11.0.1, update to version 11.0.1 or later. For versions prior to 10.0.17, update to version 10.0.17 or later.
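The following is an added example and not Cerberus FTP Server code: a minimal model of the "folder up" IMG element the advisory describes, built to show why reflecting a URL-supplied directory path into the element without encoding yields reflected XSS, next to one hardened rendering. It assumes, for illustration only, that the path is interpolated into the element's src attribute; the function names, the template shape and the attacker path are constructed here.

```javascript
// Added example (not the product's code): model of a "folder up" IMG element
// that reflects a directory path taken from the request URL.

// Constructed attacker-controlled path, as it might arrive in a crafted
// public-folder URL. The `"` closes the src attribute early and the rest of
// the string is then parsed as new markup.
const PAYLOAD_PATH = '/share/"><script>alert(document.domain)</script><img src="';

// Hypothetical vulnerable pattern: the path goes into the attribute verbatim.
// (Reconstruction of the pattern, not the product's actual template.)
function renderFolderUpVulnerable(dirPath) {
  return `<img src="${dirPath}/up.png" alt="folder up">`;
}

// HTML-attribute encoder: every character that can terminate an attribute
// value or open a tag becomes an entity.
function escapeHtmlAttr(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// URL encoder for the path: each segment is percent-encoded separately so the
// '/' separators survive but quotes, angle brackets and spaces do not.
function encodePath(dirPath) {
  return String(dirPath).split('/').map(encodeURIComponent).join('/');
}

// Hardened rendering: encode for the URL context first, then for the HTML
// attribute the URL lands in. The second step matters because
// encodeURIComponent leaves the single quote alone, which would still break
// out of a single-quoted attribute.
function renderFolderUpSafe(dirPath) {
  const src = encodePath(dirPath) + '/up.png';
  return `<img src="${escapeHtmlAttr(src)}" alt="folder up">`;
}

// Crude check used to show the difference: count tag openers in the produced
// markup. Rendering a single IMG element should yield exactly one.
function countTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

console.log(renderFolderUpVulnerable(PAYLOAD_PATH)); // three elements, one of them a script
console.log(countTags(renderFolderUpVulnerable(PAYLOAD_PATH))); // 3
console.log(renderFolderUpSafe(PAYLOAD_PATH)); // still one IMG, payload inert in the URL
console.log(countTags(renderFolderUpSafe(PAYLOAD_PATH))); // 1
```

The two-layer encoding in renderFolderUpSafe is the general rule for any value that is a URL embedded in an HTML attribute: one encoder per context, applied inside-out. Attribute encoding alone would keep the markup intact but leave the path unusable as a URL; URL encoding alone leaves the single quote through.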

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2020-5195

Affected Products

Cerberus Ftp Server