Cerberus FTP Server up to 2.41 Administrative Web Interface cross site scripting


A vulnerability, which was classified as problematic, has been found in Cerberus FTP Server up to 2.41 (File Transfer Software). This issue affects an unknown functionality of the component Administrative Web Interface. Upgrading to version 2.42 eliminates this vulnerability.

| Field | 03/24/2015 12:22 PM | 04/24/2017 09:42 AM |
|---|---|---|
| type | File Transfer Software | File Transfer Software |
| vendor | Cerberus | Cerberus |
| name | FTP Server | FTP Server |
| version | <=2.41 | <=2.41 |
| component | Administrative Web Interface | Administrative Web Interface |
| cwe | 79 (cross site scripting) | 79 (cross site scripting) |
| risk | 1 | 1 |
| cvss2_vuldb_basescore | 4.3 | 4.3 |
| cvss2_vuldb_tempscore | 3.7 | 3.7 |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | M | M |
| cvss2_vuldb_au | N | N |
| cvss2_vuldb_ci | N | N |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | N | N |
| cvss2_nvd_av | N | N |
| cvss2_nvd_ac | M | M |
| cvss2_nvd_au | N | N |
| cvss2_nvd_ci | N | N |
| cvss2_nvd_ii | P | P |
| cvss2_nvd_ai | N | N |
| cvss3_meta_basescore | 4.3 | 4.3 |
| cvss3_meta_tempscore | 4.1 | 4.1 |
| cvss3_vuldb_basescore | 4.3 | 4.3 |
| cvss3_vuldb_tempscore | 4.1 | 4.1 |
| date | 1356912000 (12/31/2012) | 1356912000 (12/31/2012) |
| url | http://www.cerberusftp.com/products/releasenotes.html | http://www.cerberusftp.com/products/releasenotes.html |
| price_0day | $0-$5k | $0-$5k |
| name | Upgrade | Upgrade |
| upgrade_version | 2.42 | 2.42 |
| cve | CVE-2012-6339 | CVE-2012-6339 |
| cve_nvd_published | 1356912000 | 1356912000 |
| cve_nvd_summary | Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow (1) remote attackers to inject arbitrary web script or HTML via a log entry that is not properly handled within the Log Manager component, and might allow (2) remote authenticated administrators to inject arbitrary web script or HTML via a Messages field to the servermanager program. | Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow (1) remote attackers to inject arbitrary web script or HTML via a log entry that is not properly handled within the Log Manager component, and might allow (2) remote authenticated administrators to inject arbitrary web script or HTML via a Messages field to the servermanager program. |
| securityfocus | 56906 | 56906 |
| securityfocus_title | Cerberus FTP Server Web Admin Multiple HTML-Injection Vulnerabilities | Cerberus FTP Server Web Admin Multiple HTML-Injection Vulnerabilities |
| vulnerabilitycenter | 38137 | 38137 |
| vulnerabilitycenter_title | Cerberus FTP Server <5.0.6 Remote Multiple Cross-Site Scripting Vulnerabilities | Cerberus FTP Server <5.0.6 Remote Multiple Cross-Site Scripting Vulnerabilities |
| vulnerabilitycenter_severity | Medium | Medium |
| vulnerabilitycenter_creationdate | 1358726400 | 1358726400 |
| vulnerabilitycenter_lastupdatedate | 1483488000 | 1483488000 |
| vulnerabilitycenter_reportingdate | 1355270400 | 1355270400 |
| nessus_id | 63560 | 63560 |
| nessus_name | Cerberus FTP Server < 5.0.6.0 Multiple XSS | Cerberus FTP Server < 5.0.6.0 Multiple XSS |
| nessus_filename | cerberus_ftp_5_0_6.nasl | cerberus_ftp_5_0_6.nasl |
| nessus_family | FTP | FTP |
| nessus_date | 1358294400 (01/16/2013) | 1358294400 (01/16/2013) |
| qualys_id | 27364 | 27364 |
| qualys_title | Cerberus FTP Server Cross-Site Request Forgery Vulnerability | Cerberus FTP Server Cross-Site Request Forgery Vulnerability |
| seealso | 13435 62558 62557 | 13435 62558 62557 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_ui | R | R |
| location | Website | Website |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_rc | ND | ND |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | X | X |
| cvss3_vuldb_pr | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | N | N |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | N | N |

| Field | Value |
|---|---|
| confirm_url | http://www.cerberusftp.com/products/releasenotes.html |
| cve_assigned | 1355356800 |
| securityfocus_date | 1355270400 (12/12/2012) |
| securityfocus_class | Input Validation Error |
