Lucene search

PRIOn knowledge basePRION:CVE-2012-6339

HistoryDec 31, 2012 - 11:50 a.m.

Cross site scripting

2012-12-3111:50:00

PRIOn knowledge base

www.prio-n.com

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

49.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow (1) remote attackers to inject arbitrary web script or HTML via a log entry that is not properly handled within the Log Manager component, and might allow (2) remote authenticated administrators to inject arbitrary web script or HTML via a Messages field to the servermanager program.

CPENameOperatorVersion
ftp_servereq1.6 beta
ftp_servereq2.1
ftp_servereq3.0.6
ftp_servereq1.71
ftp_servereq5.0.1.0
ftp_servereq5.0.0.1
ftp_servereq3.1.0.3
ftp_servereq4.0.9.7
ftp_servereq5.0.4.1
ftp_servereq4.0.7.5

Name	Operator	Version
ftp_server	eq	1.6 beta
ftp_server	eq	2.1
ftp_server	eq	3.0.6
ftp_server	eq	1.71
ftp_server	eq	5.0.1.0
ftp_server	eq	5.0.0.1
ftp_server	eq	3.1.0.3
ftp_server	eq	4.0.9.7
ftp_server	eq	5.0.4.1
ftp_server	eq	4.0.7.5

Rows per page:

1-10 of 1321

References

archives.neohapsis.com/archives/bugtraq/2012-12/0118.html

www.cerberusftp.com/products/releasenotes.html

sadgeeksinsnow.blogspot.com/2012/12/persistence-is-key-another-bug-hunt.html

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

49.2%

JSON

Related for PRION:CVE-2012-6339