PT-2021-16499 · Ftapi · Ftapi

Published

2021-03-19

Updated

2021-03-22

CVE-2021-25278

CVSS v3.1

4.8

Medium

Vector

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: FTAPI versions 4.0 through 4.10

Description: The issue allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor.

Recommendations: For FTAPI versions 4.0 through 4.10, consider disabling the Background Image upload feature in the Submit Box Template Editor until a patch is available. Restrict access to the Submit Box Template Editor to minimize the risk of exploitation. Avoid using SVG documents in the Background Image upload feature until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2021-25278

Affected Products

Ftapi

PT-2021-16499 · Ftapi · Ftapi

CVE-2021-25278

Weakness Enumeration

Related Identifiers

Affected Products

References · 6