CVE-2017-8793
CVE-2017-8793 affects Accellion FTA devices prior to FTA_9_12_180. A POST to home/seos/courier/web/wmProgressstat.html.php with an attacker-controlled acallow parameter can trigger an Access-Control-Allow-Origin header, bypassing Same-Origin Policy and granting the attacker site access. Severity ...