Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Maxum Subscribe
Filtered by product Rumpus

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-8514 2 Apple, Maxum 2 Macos, Rumpus 2021-09-08 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a directory name, it is possible to activate JavaScript in the context of the web application after invoking the rename folder functionality.
CVE-2020-27576 1 Maxum 1 Rumpus 2021-03-11 3.5 LOW 5.4 MEDIUM
Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting (XSS). Users are able to create folders in the web application. The folder name is insufficiently validated resulting in a stored cross-site scripting vulnerability.
CVE-2020-12737 1 Maxum 1 Rumpus 2020-05-13 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authenticated users can perform a path traversal using double escaped characters, enabling read access to arbitrary files on the server.
CVE-2019-19660 1 Maxum 1 Rumpus 2020-02-11 4.3 MEDIUM 6.5 MEDIUM
A CSRF vulnerability exists in the Web File Manager's Network Setting functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can manipulate the SMTP setting and other network settings via RAPR/NetworkSettingsSet.html.
CVE-2019-19665 1 Maxum 1 Rumpus 2020-02-11 4.3 MEDIUM 6.5 MEDIUM
A CSRF vulnerability exists in the FTP Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server FTP settings at RAPR/FTPSettingsSet.html.
CVE-2019-19663 1 Maxum 1 Rumpus 2020-02-10 5.8 MEDIUM 6.5 MEDIUM
A CSRF vulnerability exists in the Folder Sets Settings of Web File Manager in Rumpus FTP 8.2.9.1. This allows an attacker to Create/Delete Folders after exploiting it at RAPR/FolderSetsSet.html.
CVE-2019-19368 1 Maxum 1 Rumpus 2019-12-23 4.3 MEDIUM 6.1 MEDIUM
A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary Javascripts