Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow (1) remote attackers to inject arbitrary web script or HTML via a log entry that is not properly handled within the Log Manager component, and might allow (2) remote authenticated administrators to inject arbitrary web script or HTML via a Messages field to the servermanager program.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cerberusftp | Ftp Server | <= 5.0.5.1 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2012-12/0118.html
- http://sadgeeksinsnow.blogspot.com/2012/12/persistence-is-key-another-bug-hunt.hExploit
- http://www.cerberusftp.com/products/releasenotes.html
- http://archives.neohapsis.com/archives/bugtraq/2012-12/0118.html
- http://sadgeeksinsnow.blogspot.com/2012/12/persistence-is-key-another-bug-hunt.hExploit
- http://www.cerberusftp.com/products/releasenotes.html
FAQ
What is CVE-2012-6339?
CVE-2012-6339 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow (1) remote attackers to inject arbitrary web script or HTML via a lo...
How severe is CVE-2012-6339?
CVE-2012-6339 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-6339?
Check the references section above for vendor advisories and patch information. Affected products include: Cerberusftp Ftp Server.