CVE-2017-8760

An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads, e.g., URL encoding.
References
Link Resource
https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:accellion:file_transfer_appliance:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-05-05 18:29

Updated : 2023-12-10 12:01


NVD link : CVE-2017-8760

Mitre link : CVE-2017-8760

CVE.ORG link : CVE-2017-8760


JSON object : View

Products Affected

accellion

  • file_transfer_appliance
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')