Cerberusftp » Ftp Server : Security Vulnerabilities, CVEs, (XSS)
Reflected XSS through an IMG element in Cerberus FTP Server prior to versions 11.0.1 and 10.0.17 allows a remote attacker to execute arbitrary JavaScript or HTML via a crafted public folder URL. This occurs because of the folder_up.png IMG element not properly sanitizing user-inserted directory paths. The path modification must be done on a publicly shared folder for a remote attacker to insert arbitrary JavaScript or HTML. The vulnerability impacts anyone who clicks the malicious link crafted by the attacker.
Max CVSS: 6.1 | EPSS Score: 0.20% | Published: 2020-01-13 | Updated: 2020-01-22
The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11.x before 11.0.4 allows XSS via an SVG document.
Max CVSS: 6.1 | EPSS Score: 0.12% | Published: 2021-06-10 | Updated: 2021-06-17
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow (1) remote attackers to inject arbitrary web script or HTML via a log entry that is not properly handled within the Log Manager component, and might allow (2) remote authenticated administrators to inject arbitrary web script or HTML via a Messages field to the servermanager program.
Max CVSS: 4.3 | EPSS Score: 0.16% | Published: 2012-12-31 | Updated: 2012-12-31
3 vulnerabilities found