CVE-2017-8760

An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads, e.g., URL encoding.
References
Link Resource
https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:accellion:file_transfer_appliance:*:*:*:*:*:*:*:*

Information

Published : 2017-05-05 11:29

Updated : 2017-05-17 09:49


NVD link : CVE-2017-8760

Mitre link : CVE-2017-8760


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

accellion

  • file_transfer_appliance