N/A

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The User Web Interface has Multiple Stored and Reflected XSS issues. Collaborate is Reflected via the filename parameter. Collaborate is Stored via the displayname parameter. Deletemultiple is Reflected via the files parameter. Share is Reflected via the target parameter. Share is Stored via the displayname parameter. Waitedit is Reflected via the Host header.

N/A

N/A

Vastgota-Data ProVide User Web Interface 跨站脚本漏洞

Vastgota-Data ProVide是瑞典Vastgota-Data公司的一款具有图形用户界面的文件传输服务器。 Vastgota-Data ProVide 13.1及之前版本中的User Web Interface存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。

N/A

N/A