3 matches found
CVE-2018-18370
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting XSS vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web...
CVE-2018-18370
The CVE-2018-18370 issue affects ASG/ProxySG FTP proxy WebFTP mode and is a stored XSS vulnerability in the web listing of remote FTP servers. An attacker must be able to upload crafted files to the remote FTP server to inject malicious JavaScript via a ftp:// URL in a browser. Affected versions ...
XSS and Information Disclosure Vulnerabilities in ASG and ProxySG
SUMMARY The Symantec ASG and ProxySG FTP proxy WebFTP mode is susceptible to XSS and information disclosure vulnerabilities. A remote attacker can inject malicious JavaScript code in the web listing of a remote FTP server and obtain authentication credentials for a remote FTP server. AFFECTED...