2 matches found
CVE-2017-5246
Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can supply a valid AngularJS expression ({{ … }}) which will be evaluated by other authenticated users viewing the attacker’s display name. Affected versions are 5.0.0000 t...
CVE-2017-5247
Biscom Secure File Transfer (SFT) is affected by a cross-site scripting (XSS) vulnerability in the File Name field. An authenticated user with permissions to upload or send files can supply a filename containing HTML/script tags, which can be executed by other authenticated users viewing the file...