CVE-2008-3850

Опубликовано: 27 авг. 2008

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in Accellion File Transfer FTA_7_0_135 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to courier/forgot_password.html.

Ссылки

http://secunia.com/advisories/31572
Vendor Advisory
http://www.securityfocus.com/bid/30796
http://zebux.free.fr/pub/Advisory/Advisory_Accellion_XSS_Vulnerability_200808.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/44641
http://secunia.com/advisories/31572
Vendor Advisory
http://www.securityfocus.com/bid/30796
http://zebux.free.fr/pub/Advisory/Advisory_Accellion_XSS_Vulnerability_200808.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/44641

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:h:accellion:secure_file_transfer_appliance:7_0_135:*:*:*:*:*:*:*

EPSS

Процентиль: 57%

0.00346

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-82jg-g6qh-25mv

github

почти 4 года назад