Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting error message. NOTE: this can be leveraged for root access via a sequence of steps involving web script that creates a new FTP user account.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SurgeFTP 跨站脚本漏洞
Vulnerability Description
SurgeFTP 2.3a1版本的镜像服务器管理器界面中存在跨站脚本攻击漏洞。用户协助式的远程FTP服务器可以借助一个畸形的没有状态代码的响应,注入任意web脚本或HTML。该响应将反映产生错误信息的用户.
CVSS Information
N/A
Vulnerability Type
N/A