An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads, e.g., URL encoding.
References
Link | Resource |
---|---|
https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-05-05T18:00:00
Updated: 2017-05-05T17:57:01
Reserved: 2017-05-03T00:00:00
Link: CVE-2017-8760
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-05-05T18:29:00.230
Modified: 2017-05-17T16:49:48.257
Link: CVE-2017-8760
JSON object: View
Redhat Information
No data.
CWE