Vulnerability Description
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Web Interface has Multiple Stored and Reflected XSS. GetInheritedProperties is Reflected via the groups parameter. GetUserInfo is Reflected via POST data. SetUserInfo is Stored via the general parameter.
CVSS Score
6.1 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Provideserver | Provide Ftp Server | <= 13.1 |
Related Weaknesses (CWE)
References
- https://github.com/belong2yourself/vulnerabilities/tree/master/ProVide/Web%20Adm (Exploit, Third Party Advisory)
- https://www.provideserver.com/security/ (Vendor Advisory)
FAQ
What is CVE-2020-11704?
CVE-2020-11704 is a vulnerability with a CVSS score of 6.1 (MEDIUM). An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Web Interface has Multiple Stored and Reflected XSS. GetInheritedProperties is Reflected via the groups parameter. GetU...
How severe is CVE-2020-11704?
CVE-2020-11704 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-11704?
Check the references section above for vendor advisories and patch information. Affected products include: Provideserver Provide Ftp Server.