A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary Javascripts
References
Link | Resource |
---|---|
https://www.maxum.com/Rumpus/Download.html | Vendor Advisory |
https://github.com/harshit-shukla/CVE-2019-19368/ | Exploit Third Party Advisory |
http://packetstormsecurity.com/files/155719/Rumpus-FTP-Web-File-Manager-8.2.9.1-Cross-Site-Scripting.html | Exploit Third Party Advisory |
Configurations
Information
Published : 2019-12-16 08:15
Updated : 2019-12-23 05:30
NVD link : CVE-2019-19368
Mitre link : CVE-2019-19368
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
maxum
- rumpus