Vulnerabilities > Cerberusftp > FTP Server > 5.0.4.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-12-31 | CVE-2012-6339 | Cross-Site Scripting vulnerability in Cerberusftp FTP Server Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow (1) remote attackers to inject arbitrary web script or HTML via a log entry that is not properly handled within the Log Manager component, and might allow (2) remote authenticated administrators to inject arbitrary web script or HTML via a Messages field to the servermanager program. | 4.3 |
2012-10-04 | CVE-2012-2999 | Cross-Site Request Forgery (CSRF) vulnerability in Cerberusftp FTP Server Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in Cerberus FTP Server before 5.0.5.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user account or (2) reconfigure the state of the FTP service, as demonstrated by a request to usermanager/users/modify. | 6.8 |