SurgeFTP 'surgeftpmgr.cgi' Multiple Cross Site Scripting Vulnerabilities Network Vulnerability

Summary

SurgeFTP is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user- supplied data. Attacker-supplied HTML or JavaScript code could run in an administrator's browser session in the context of the affected site. This could potentially allow the attacker to steal cookie-based authentication credentials other attacks are also possible. SurgeFTP 2.3a6 is vulnerable other versions may also be affected.

References

http://netwinsite.com/surgeftp/
http://www.securityfocus.com/bid/37844

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1068

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

pyftpd Multiple Vulnerabilities
Core FTP Server 'Type' Command Remote Denial of Service Vulnerability
FileZilla Server Port Command Denial of Service
Core FTP Server Directory Traversal Vulnerability
WS_FTP Server Manager Security Bypass Vulnerability

Take action and discover your vulnerabilities