Vulnerabilities (CVE)

Filtered by vendor Biscom
Filtered by product Secure File Transfer
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-27646 1 Biscom 1 Secure File Transfer 2021-07-21 4.3 MEDIUM 6.5 MEDIUM
Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x before 6.0.1011 allows user credential theft.
CVE-2017-5241 1 Biscom 1 Secure File Transfer 2020-02-20 3.5 LOW 5.4 MEDIUM
Biscom Secure File Transfer versions 5.0.0.0 through 5.1.1024 are vulnerable to post-authentication persistent cross-site scripting (XSS) in the "Name" and "Description" fields of a Workspace, as well as the "Description" field of a File Details pane of a file stored in a Workspace. This issue has been resolved in version 5.1.1025.
CVE-2017-5246 1 Biscom 1 Secure File Transfer 2020-02-20 4.0 MEDIUM 4.3 MEDIUM
Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces ({{ }}). This expression will be evaluated by any other authenticated user who views the attacker's display name. Affected versions are 5.0.0000 through 5.1.1026. The issue is fixed in 5.1.1028.
CVE-2017-5247 1 Biscom 1 Secure File Transfer 2020-02-20 3.5 LOW 5.4 MEDIUM
Biscom Secure File Transfer is vulnerable to cross-site scripting in the File Name field. An authenticated user with permissions to upload or send files can populate this field with a filename that contains standard HTML scripting tags. The resulting script will be evaluated by any other authenticated user who views the attacker-supplied file name. All versions of SFT prior to 5.1.1028 are affected. The fix version is 5.1.1028.
CVE-2020-8503 1 Biscom 1 Secure File Transfer 2020-02-05 3.5 LOW 6.5 MEDIUM
Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference (IDOR) by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004.