4 matches found
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that 1 add or 2 delete user accounts via a request to phpsftpd/users.php...
CVE-2017-12971
Cross-site scripting XSS vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php...
CVE-2017-12971
Apache2Triad 1.5.4 has a Persistent Cross-Site Scripting (XSS) vulnerability (CVE-2017-12971) in which an attacker can inject script/HTML via the account parameter to phpsftpd/users.php. The available sources confirm the affected product and vulnerable component (Apache2Triad 1.5.4) and the vulne...
CVE-2017-12970
Apache2Triad 1.5.4 is affected by CVE-2017-12970 (CSRF). Multiple sources describe a CSRF weakness in phpsftpd/users.php that can allow an attacker to hijack the authenticated user’s session to add or delete user accounts. The Alpha-vendor product is Apache2Triad; no explicit remediation/patch ve...