CVE-2009-4647 in Secure File Transfer Appliance

Summary

by MITRE

Cross-site scripting (XSS) vulnerability in Accellion Secure File Transfer Appliance before 7_0_296 allows remote attackers to inject arbitrary web script or HTML via the username parameter, which is not properly handled when the administrator views audit logs.


Analysis

by VulDB Data Team • 05/01/2026

CVE-2009-4647 is a critical cross-site scripting flaw in the Accellion Secure File Transfer Appliance, a widely deployed enterprise solution for secure file transfer. It affects versions prior to 7_0_296 and is a classic input validation weakness: a remote attacker can get script executed in the context of an authenticated administrator's session. The flaw lies in how the username parameter is handled by the appliance's audit logging functionality, which gives injected code a persistent foothold from which the entire administrative interface can be compromised.

Technically, the vulnerability stems from inadequate sanitization of user-supplied input in the audit log viewing mechanism. When an administrator views audit logs containing a maliciously crafted username, the appliance does not encode or escape special characters before rendering the value in the web interface. An attacker can therefore inject arbitrary HTML and JavaScript that runs in the browser of any administrator who views the affected audit records. The vulnerability operates at the application layer and abuses the trust between the web interface and its authenticated users; it is particularly dangerous because triggering it requires no privileged access to the underlying system.

The operational impact goes beyond simple script execution, since the injected code runs with the privileges of the appliance's administrative environment. An attacker who successfully injects code through the username parameter can potentially escalate privileges, read sensitive configuration data, modify user permissions, or even reach the underlying file system, a significant breach of the appliance's security model that can end in complete system takeover. Because the payload persists in the audit logs, it executes each time an administrator views the affected records, so the attack remains live until the logs are cleared or the appliance is patched.

Organizations running the Accellion Secure File Transfer Appliance face substantial risk, since the flaw directly affects the integrity and confidentiality of their secure file transfer operations. The vulnerability is classified as CWE-79, which covers cross-site scripting in web applications, and maps to ATT&CK technique T1059.007 for script execution through web interfaces. It illustrates why input validation and output encoding matter in web applications, and above all in administrative interfaces, where injected script inherits elevated privileges. Remediation requires patching promptly to version 7_0_296 or later, reviewing how audit log data is handled, and adding proper input sanitization. Organizations should also consider network segmentation, monitor audit log access patterns to detect exploitation attempts, and run regular security assessments to find similar weaknesses in other enterprise applications.
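The following is an added illustration of the defect class described above, not Accellion's code: a username stored in an audit log is later written into the administrator's page without encoding. The log record layout and field names are assumptions; the block contrasts the unsafe rendering with the output-encoding fix and adds a small detection pass a responder could run over exported audit records.

```python
import html
import re
from typing import Dict, List, Tuple

# Constructed sample audit-log records (field names are assumptions, the real
# appliance format is not described on the page). The second username carries
# markup that a legitimate account name never needs.
SAMPLE_AUDIT_LOG: List[Dict[str, str]] = [
    {"ts": "2010-02-19T10:00:00Z", "username": "alice", "action": "login"},
    {"ts": "2010-02-19T10:05:00Z", "username": "<script>alert('xss')</script>",
     "action": "login_failed"},
]

FIELDS = ("ts", "username", "action")


def render_row_vulnerable(rec: Dict[str, str]) -> str:
    # 'Before' behaviour (CWE-79): raw field values are interpolated into HTML,
    # so a username containing tags becomes markup the admin's browser executes.
    return "<tr>" + "".join(f"<td>{rec[f]}</td>" for f in FIELDS) + "</tr>"


def render_row_fixed(rec: Dict[str, str]) -> str:
    # Output encoding: every untrusted value is HTML-entity escaped (including
    # quotes, in case a value ever lands inside an attribute), so the browser
    # renders the username as text instead of parsing it as markup.
    return "<tr>" + "".join(f"<td>{html.escape(rec[f], quote=True)}</td>" for f in FIELDS) + "</tr>"


def render_table(records: List[Dict[str, str]], renderer) -> str:
    return "<table>" + "".join(renderer(r) for r in records) + "</table>"


# Heuristic: an HTML tag, a javascript: URL, or an on*= event-handler attribute
# inside a username field. Tuned for triage of exported logs, not as a filter.
MARKUP_RE = re.compile(r"<[a-zA-Z/!][^>]*>|javascript:|\bon[a-z]+\s*=", re.IGNORECASE)


def find_suspicious_usernames(records: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    # Detection aid: return (timestamp, username) for records whose username
    # field carries markup, i.e. the injection attempts an admin would view.
    return [(r["ts"], r["username"]) for r in records if MARKUP_RE.search(r["username"])]


if __name__ == "__main__":
    print(render_table(SAMPLE_AUDIT_LOG, render_row_fixed))
    for ts, name in find_suspicious_usernames(SAMPLE_AUDIT_LOG):
        print(f"suspicious username at {ts}: {name!r}")
```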

Reservation: 02/19/2010

Disclosure: 02/19/2010

Moderation: accepted

Entry: VDB-51897

CPE: ready

EPSS: 0.01073

KEV: no

Activities: very low
