PT-2021-9098 · Unknown · Cerberus Ftp Server Enterprise
Robert Newman · Published 2021-06-10 · Updated 2021-06-17
CVE-2019-25046
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Cerberus FTP Server Enterprise versions 10.0.0 through 10.0.18
Cerberus FTP Server Enterprise versions 11.0.0 through 11.0.3
Description
The Web Client in Cerberus FTP Server Enterprise allows XSS via an SVG document.
Recommendations
For Cerberus FTP Server Enterprise versions 10.0.0 through 10.0.18, update to version 10.0.19 or later.
For Cerberus FTP Server Enterprise versions 11.0.0 through 11.0.3, update to version 11.0.4 or later.
Exploit
Fix
XSS
Affected Products
Cerberus Ftp Server Enterprise