Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Accellion Subscribe
Filtered by product File Transfer Appliance

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-8788 1 Accellion 1 File Transfer Appliance 2017-05-17 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a CRLF vulnerability in settings_global_text_edit.php allowing ?display=x%0Dnewline attacks.
CVE-2017-8791 1 Accellion 1 File Transfer Appliance 2017-05-17 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a home/seos/courier/login.html auth_params CRLF attack vector.
CVE-2017-8304 1 Accellion 1 File Transfer Appliance 2017-05-17 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI.
CVE-2017-8760 1 Accellion 1 File Transfer Appliance 2017-05-17 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads, e.g., URL encoding.
CVE-2017-8795 1 Accellion 1 File Transfer Appliance 2017-05-17 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/smtpg_add.html with the param parameter.
CVE-2017-8792 1 Accellion 1 File Transfer Appliance 2017-05-17 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/user_add.html with the param parameter.
CVE-2016-2350 1 Accellion 1 File Transfer Appliance 2016-05-10 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) getimageajax.php, (2) move_partition_frame.html, or (3) wmInfo.html.