Lucene search
HistoryFeb 19, 2010 - 5:30 p.m.
CVE-2009-4647
cve-2009-4647
cross-site scripting
xss
accellion secure file transfer
security vulnerability
web script
html
audit logs
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.8 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
60.4%
Cross-site scripting (XSS) vulnerability in Accellion Secure File Transfer Appliance before 7_0_296 allows remote attackers to inject arbitrary web script or HTML via the username parameter, which is not properly handled when the administrator views audit logs.
Affected configurations
Node
accellionsecure_file_transfer_applianceMatch7_0_135
ORaccellionsecure_file_transfer_applianceMatch7_0_178
ORaccellionsecure_file_transfer_applianceMatch7_0_189
ORaccellionsecure_file_transfer_applianceMatch7_0_259
Related
nvd
nvd
CVE-2009-4647
2010-02-19 17:30:00
prion
prion
Cross site scripting
2010-02-19 17:30:00
cvelist
cvelist
CVE-2009-4647
2010-02-19 17:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.8 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
60.4%
Related for CVE-2009-4647