CVE-2017-8760: XSS
First published: Fri May 05 2017(Updated: )
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads, e.g., URL encoding.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Accellion Secure File Transfer Appliance | <=9_12_40 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2017-8760?
CVE-2017-8760 has a medium severity rating due to its potential exploitation leading to unauthorized access.
How do I fix CVE-2017-8760?
To fix CVE-2017-8760, upgrade your Accellion File Transfer Appliance to version FTA_9_12_180 or later.
What type of vulnerability is CVE-2017-8760?
CVE-2017-8760 is a Cross-Site Scripting (XSS) vulnerability.
What are the affected versions for CVE-2017-8760?
CVE-2017-8760 affects Accellion File Transfer Appliance versions prior to FTA_9_12_180.
Can CVE-2017-8760 be exploited remotely?
Yes, CVE-2017-8760 can potentially be exploited remotely by an attacker.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/author
- agent/last-modified-date
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/accellion
- canonical/accellion secure file transfer appliance
- version/accellion secure file transfer appliance/9_12_40