CVE-2020-11704

Опубликовано: 12 апр. 2020

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Web Interface has Multiple Stored and Reflected XSS. GetInheritedProperties is Reflected via the groups parameter. GetUserInfo is Reflected via POST data. SetUserInfo is Stored via the general parameter.

Ссылки

https://github.com/belong2yourself/vulnerabilities/tree/master/ProVide/Web%20Admin%20Interface%20-%20Multiple%20Cross-Site-Scripting
Exploit
Third Party Advisory
https://www.provideserver.com/security/
Vendor Advisory
https://github.com/belong2yourself/vulnerabilities/tree/master/ProVide/Web%20Admin%20Interface%20-%20Multiple%20Cross-Site-Scripting
Exploit
Third Party Advisory
https://www.provideserver.com/security/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:provideserver:provide_ftp_server:*:*:*:*:*:windows:*:*

Версия до 13.1 (включая)

EPSS

Процентиль: 61%

0.00421

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-fvwf-3473-r6jq